
Mail.ru probably infected my laptop and cmd keeps popping up.


  • This topic is locked
14 replies to this topic

#1 Rishimaru


Posted 06 January 2018 - 01:41 PM

Hello!

I've recently downloaded an .exe file and thought it was suspicious as hell, my mind just told me to start the .exe either way and see what'll happen. Soon enough an app got downloaded onto my laptop and I immediately ran an anti-virus scan and deleted the files off of my laptop.

I realized after that it wasn't the end, because some malware or something called Mail.ru was running on my laptop and I had no idea how to get rid of it. I troubleshot and looked around for how to get rid of it. I then proceeded to download an anti-malware software named Zemana and immediately got rid of all of the malware that had infected my laptop.

Of course, this was definitely not the end of it all. Soon enough I found out that my cmd kept popping up and I had no idea what was going on. I thought it was something normal and decided to return to the daily stuff I do on my laptop. After two-three days it kept showing up again and again and I realized it wasn't something normal. I decided to troubleshoot afterwards and found out a lot of people had problems with it.

Some of them had solutions of trying to track down the file and delete it, but I couldn't track mine down.

I soon found out about this forum, which seemed like my only solution. It felt like I tried every solution. I've tried TDSSKiller and others like sfc /scannow, but none could fix this problem.

I've also read other posts and it seems I need to post a log from FRST, except the logs are in Dutch, which might be a slight problem. I'll post the logs anyway, if it helps.

 

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 02.01.2018
Gestart door Russel (Beheerder) op LAPTOP-77A4OP4C (06-01-2018 19:05:32)
Gestart vanaf C:\Users\Russel\Downloads
Geladen Profielen: Russel (Beschikbare Profielen: Russel)
Platform: Windows 10 Home Versie 1709 16299.125 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: FF)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Scarlet.Crush Productions) D:\Scp\ScpService.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Framework\Common\avgsvca.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Copyright 2017.) D:\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Thalonet, Inc. (dba Haste)) C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Antivirus\avgui.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Copyright 2017.) D:\Zemana AntiMalware\ZAM.exe
(Scarlet.Crush Productions) D:\Scp\ScpTrayApp.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxext.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Antivirus\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHeciSvc.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16484088 2016-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1430776 2016-08-05] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => D:\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => D:\AVG\Antivirus\AvLaunch.exe [302744 2017-10-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [629248 2015-11-13] ()
HKLM\...\Run: [ZAM] => D:\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-05] (Intel)
HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe [408576 2017-12-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Discord] => C:\Users\Russel\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Spotify] => C:\Users\Russel\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-22] (Spotify Ltd)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [EvolveClient] => D:\Evolve\EvolveClient.exe [3334528 2017-07-16] (Echobit LLC)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [GameCompanion] => C:\Users\Russel\AppData\Roaming\GameCompanion\GameCompanion.exe [484408 2013-10-13] ()
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Spotify Web Helper] => C:\Users\Russel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-22] (Spotify Ltd)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\launcher.scr [2371856 2017-12-08] ()
HKLM\...\Providers\llfxvnw0: C:\Program Files (x86)\Atterryanehuch Cloud\local64spl.dll <==== AANDACHT
SSODL: EldosMountNotificator-cbfs6 - {67822A3C-A329-4BA1-9677-82410B580572} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {67822A3C-A329-4BA1-9677-82410B580572} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2016-07-30]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> D:\Scp\ScpTrayApp.exe (Scarlet.Crush Productions)
Startup: C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-12-10]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Russel\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restrictie <==== AANDACHT
GroupPolicy\User: Restrictie <==== AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{280c41fa-fe00-48b0-ac16-c63b165c4dfd}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu
SearchScopes: HKLM -> DefaultScope waarde ontbreekt
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {08C346E6-7BC0-4359-BB00-87F426E879D3} URL =
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: p2tadggk.default
FF ProfilePath: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\p2tadggk.default\Profiles\p2tadggk.default [niet gevonden] <==== AANDACHT
FF ProfilePath: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default [2018-01-06]
FF Homepage: Mozilla\Firefox\Profiles\p2tadggk.default -> google.nl/
FF NewTab: Mozilla\Firefox\Profiles\p2tadggk.default -> about:newtab
FF Extension: (BetterTTV) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\firefox@betterttv.net.xpi [2017-07-08]
FF Extension: (GaiaUpgrade) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\gaiaupgrade@gaiatools.com.xpi [2017-11-27]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\langpack-nl@firefox.mozilla.org.xpi [2017-08-17] [Verouderd]
FF Extension: (Google Translator for Firefox) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\translator@zoli.bod.xpi [2017-02-02] [Verouderd]
FF Extension: (Adblock Plus) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF SearchPlugin: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\searchplugins\google-avast.xml [2017-02-24]
FF Extension: (Amazon 1Button App for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb@amazon.com [2016-11-18] [Verouderd] [ niet getekend]
FF Extension: (Nederlands (NL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nl@firefox.mozilla.org [2016-11-18] [Verouderd] [ niet getekend]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Geen bestand]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Geen bestand]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1422434549-3426595971-112725785-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Russel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR NewTab: ChromeDefaultData ->  Active:"chrome-extension://lfgkmlldjpjacgicdjmmgcboihbghpal/visual-bookmarks.html"
CHR Profile: C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-01-04] <==== AANDACHT
CHR Extension: (Google Presentaties) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-27]
CHR Extension: (Google Documenten) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-27]
CHR Extension: (Google Drive) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-27]
CHR Extension: (YouTube) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-27]
CHR Extension: (Google Spreadsheets) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-27]
CHR Extension: (Offline Documenten) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Пульс) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lfgkmlldjpjacgicdjmmgcboihbghpal [2018-01-02]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-27]
CHR Extension: (Gmail) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-24]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal] - hxxps://clients2.google.com/service/update2/crx

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AVG Antivirus; D:\AVG\Antivirus\AVGSvc.exe [282536 2017-10-21] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; D:\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-21] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; D:\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-29] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [Bestand niet getekend]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 Ds3Service; D:\Scp\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [Bestand niet getekend]
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-05] (Intel)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-08-17] (EasyAntiCheat Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 EvoSvc; D:\Evolve\EvoSvc.exe [1583488 2017-07-16] (Echobit LLC)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-01-31] () [Bestand niet getekend] <==== AANDACHT
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 HasteUEService; C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe [1583912 2017-08-03] (Thalonet, Inc. (dba Haste))
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Bestand niet getekend]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [Bestand niet getekend]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Bestand niet getekend]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155328 2017-12-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3025224 2017-12-19] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2017-10-17] (Popcorn Time) [Bestand niet getekend]
S3 updater; D:\Scp\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [Bestand niet getekend]
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-02-03] (Wacom Technology, Corp.)
R2 ZAMSvc; D:\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314640 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-10-21] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-10-21] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [140192 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1022288 2017-10-28] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [579584 2017-10-21] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [193768 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [355856 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-08-03] (/n software, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-08] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] ()
R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (Windows ® Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] () [Bestand niet getekend]
R3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-08-09] (Echobit, LLC)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-01-31] (REALiX™)
R3 IntcDMic; C:\WINDOWS\system32\DRIVERS\IntcDMic.sys [607344 2016-08-18] (Intel® Corporation)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2017-12-01] (hxxp://libusb-win32.sourceforge.net)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [Bestand niet getekend]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_d0cabc324ceaf0e9\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [Bestand niet getekend]
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-05-27] (Synaptics Incorporated)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-08-03] (/n software, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R4 WinDivert1.2; C:\Program Files\Haste\Haste Esports Accelerator\WinDivert64.sys [39008 2017-08-03] (Basil)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-04] (Zemana Ltd.)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2018-01-06 19:05 - 2018-01-06 19:05 - 000032116 _____ C:\Users\Russel\Downloads\FRST.txt
2018-01-06 19:01 - 2018-01-06 19:05 - 000000000 ____D C:\FRST
2018-01-06 19:00 - 2018-01-06 19:01 - 002393088 _____ (Farbar) C:\Users\Russel\Downloads\FRST64.exe
2018-01-06 18:46 - 2018-01-06 18:52 - 000191280 _____ C:\TDSSKiller.3.1.0.15_06.01.2018_18.46.18_log.txt
2018-01-06 18:46 - 2018-01-06 18:46 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Russel\Downloads\tdsskiller.exe
2018-01-06 18:36 - 2018-01-06 18:36 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2018-01-06 18:14 - 2018-01-06 18:14 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2018-01-06 18:13 - 2018-01-06 18:13 - 000000072 ___SH C:\bootTel.dat
2018-01-06 17:24 - 2018-01-06 17:24 - 001975445 ____N C:\WINDOWS\Minidump\010618-8078-01.dmp
2018-01-06 17:24 - 2018-01-06 17:24 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000020-000000.txt
2018-01-06 17:22 - 2018-01-06 17:22 - 000000000 ____D C:\Users\Russel\AppData\Roaming\epm
2018-01-06 17:20 - 2018-01-06 17:20 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-01-06 17:20 - 2018-01-06 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.8
2018-01-06 17:19 - 2018-01-06 17:19 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-01-06 17:19 - 2017-12-06 12:47 - 004094608 _____ C:\WINDOWS\system32\BootMan.exe
2018-01-06 17:19 - 2017-12-06 12:47 - 003076240 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2018-01-06 17:19 - 2017-12-01 16:32 - 000131728 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2018-01-06 17:19 - 2017-11-23 11:47 - 000030320 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\EPMVolFlt.sys
2018-01-06 17:19 - 2017-11-23 11:47 - 000030320 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFlt.sys
2018-01-06 17:19 - 2016-12-07 13:26 - 000033448 _____ C:\WINDOWS\system32\epmntdrv.sys
2018-01-06 17:19 - 2016-07-11 10:01 - 000010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2018-01-06 17:19 - 2014-11-18 14:46 - 000021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2018-01-06 17:19 - 2014-11-18 14:46 - 000017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2018-01-06 17:18 - 2018-01-06 17:19 - 038501592 _____ (EaseUS ) C:\Users\Russel\Downloads\epm.exe
2018-01-06 10:24 - 2018-01-06 10:24 - 001963507 ____N C:\WINDOWS\Minidump\010618-7718-01.dmp
2018-01-06 10:24 - 2018-01-06 10:24 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000019-000000.txt
2018-01-06 07:29 - 2018-01-06 07:29 - 000000689 _____ C:\Users\Public\Desktop\The Sims 4 x64.lnk
2018-01-05 21:28 - 2018-01-05 21:28 - 000362812 _____ C:\Users\Russel\Downloads\skse_1_07_03_installer(1).exe
2018-01-05 08:20 - 2018-01-05 08:20 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000018-000000.txt
2018-01-04 14:46 - 2018-01-04 14:46 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000017-000000.txt
2018-01-04 14:41 - 2018-01-06 19:05 - 000296138 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-04 14:41 - 2018-01-06 19:05 - 000067081 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-04 14:41 - 2018-01-04 14:41 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-04 14:41 - 2018-01-04 14:41 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-01-04 14:41 - 2018-01-04 14:41 - 000000000 ____D C:\Users\Russel\AppData\Local\Zemana
2018-01-04 14:41 - 2018-01-04 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-04 14:38 - 2018-01-04 14:38 - 006625600 _____ (Zemana Ltd. ) C:\Users\Russel\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-03 22:21 - 2018-01-03 22:21 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000016-000000.txt
2018-01-03 21:11 - 2018-01-03 21:11 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000015-000000.txt
2018-01-03 19:14 - 2018-01-03 19:15 - 038858285 _____ (LOOT Team ) C:\Users\Russel\Downloads\LOOT Installer.exe-1918-0-12-1.exe
2018-01-03 14:13 - 2018-01-03 14:17 - 000000000 ____D C:\Users\Russel\AppData\Local\Skyrim Special Edition
2018-01-03 14:06 - 2018-01-03 14:08 - 281540277 _____ C:\Users\Russel\Downloads\edcb92-ivpack.oiv
2018-01-03 02:38 - 2018-01-03 02:38 - 000000791 _____ C:\Users\Public\Desktop\The Elder Scrolls - Skyrim - Special Edition.lnk
2018-01-02 22:59 - 2018-01-02 22:59 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000014-000000.txt
2018-01-02 20:43 - 2018-01-02 20:43 - 000000000 ____D C:\Users\Russel\AppData\Local\Go!
2018-01-02 20:42 - 2018-01-06 18:39 - 000003590 _____ C:\WINDOWS\System32\Tasks\yIpbU
2018-01-02 20:42 - 2018-01-06 09:39 - 000003398 _____ C:\WINDOWS\System32\Tasks\AOOcRuIHiAeIe
2018-01-02 20:42 - 2018-01-02 20:42 - 000003708 _____ C:\WINDOWS\System32\Tasks\sUlOT
2018-01-02 20:42 - 2018-01-02 20:42 - 000000001 _____ C:\Users\Russel\AppData\Local\WMI.ini
2018-01-02 20:42 - 2017-09-29 14:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fRvyJE.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\FxUapOWu.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000001124 _____ C:\WINDOWS\whdAdYapy
2018-01-02 20:42 - 2017-09-29 14:42 - 000001016 _____ C:\WINDOWS\SysWOW64\YOIEiWOjba
2018-01-02 20:42 - 2017-09-29 14:42 - 000000050 _____ C:\Users\Russel\AppData\Local\YnETdiruisOTa
2018-01-01 02:59 - 2018-01-01 02:59 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000013-000000.txt
2017-12-30 03:53 - 2017-12-30 03:53 - 000000000 ____D C:\Users\Russel\AppData\Local\KADOKAWA
2017-12-29 16:43 - 2017-12-29 16:45 - 000000000 ____D C:\Users\Russel\Documents\GTA Underground User Files
2017-12-29 14:57 - 2017-12-29 14:57 - 004535544 _____ C:\Users\Russel\Downloads\621_Ride_2_V1.00_Tr.zips
2017-12-28 13:14 - 2017-12-28 13:14 - 000000000 ____D C:\Users\Russel\AppData\Local\modloader
2017-12-28 13:14 - 2017-12-28 13:14 - 000000000 ____D C:\ProgramData\modloader
2017-12-28 12:27 - 2017-12-28 12:27 - 000007857 _____ C:\WINDOWS\unins000.dat
2017-12-28 12:27 - 2017-12-28 12:26 - 001202415 _____ C:\WINDOWS\unins000.exe
2017-12-28 12:26 - 2017-12-28 12:26 - 000894691 _____ (Seemann, Deji, Alien ) C:\Users\Russel\Downloads\CLEO4_setup.exe
2017-12-28 00:35 - 2017-12-28 00:35 - 000000000 ____D C:\Users\Russel\AppData\Local\Project_RH2_Standard_Bulid
2017-12-27 12:44 - 2017-12-27 12:44 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000012-000000.txt
2017-12-27 10:31 - 2017-12-27 10:31 - 014383616 _____ C:\Users\Russel\Downloads\gta_sa.exe
2017-12-27 09:52 - 2017-12-27 09:52 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000011-000000.txt
2017-12-26 20:18 - 2017-12-26 20:51 - 000000000 ____D C:\Users\Russel\AppData\Roaming\trainerv
2017-12-26 12:19 - 2017-12-26 12:19 - 000000469 _____ C:\Users\Public\Desktop\DiRT 4.lnk
2017-12-26 11:04 - 2017-12-26 11:04 - 000000669 _____ C:\Users\Russel\Desktop\GTA San Andreas V1.lnk
2017-12-26 10:49 - 2017-12-26 10:51 - 000000000 ____D C:\Users\Russel\Downloads\patches
2017-12-26 10:41 - 2017-12-26 10:41 - 000548804 _____ C:\Users\Russel\Downloads\xdelta3_x86.exe
2017-12-26 10:40 - 2017-12-26 10:40 - 002084864 _____ (RockstarNexus) C:\Users\Russel\Downloads\latest.exe
2017-12-25 19:43 - 2017-12-25 19:43 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000010-000000.txt
2017-12-25 10:27 - 2017-12-25 10:27 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000009-000000.txt
2017-12-24 22:08 - 2017-12-24 22:08 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2017-12-24 15:07 - 2017-12-24 15:21 - 000003584 _____ C:\Users\Russel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-23 16:47 - 2017-12-23 16:47 - 000002424 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2017-12-22 14:54 - 2017-12-22 14:54 - 000000222 _____ C:\Users\Russel\Desktop\Hyperdimension Neptunia Re;Birth1.url
2017-12-22 14:19 - 2017-12-22 14:19 - 000000222 _____ C:\Users\Russel\Desktop\Crypt of the NecroDancer.url
2017-12-22 09:57 - 2017-12-22 09:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2017-12-22 09:57 - 2017-12-22 09:57 - 000000000 ____D C:\Program Files\Common Files\avg
2017-12-22 09:52 - 2018-01-06 17:24 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-22 09:49 - 2017-12-22 09:49 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2017-12-21 22:22 - 2017-12-21 22:22 - 000000222 _____ C:\Users\Russel\Desktop\Dead Cells.url
2017-12-21 22:21 - 2017-12-21 22:21 - 000000222 _____ C:\Users\Russel\Desktop\Furi.url
2017-12-20 04:11 - 2017-12-20 04:12 - 281540223 _____ C:\Users\Russel\Downloads\822dfd-ivpack.oiv
2017-12-19 02:40 - 2017-12-19 02:40 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2017-12-19 02:38 - 2017-12-19 02:38 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2017-12-19 02:12 - 2017-12-19 02:12 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\YamanekoSoft
2017-12-19 01:52 - 2017-12-19 01:52 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2017-12-19 01:47 - 2017-12-19 01:49 - 000001008 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2017-12-19 01:47 - 2017-12-19 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-12-19 01:44 - 2017-12-19 01:45 - 215576728 _____ (Rockstar Games) C:\Users\Russel\Downloads\GTAV_Setup_Tool(1).exe
2017-12-19 01:42 - 2017-12-19 01:42 - 019981008 _____ (Rockstar Games.) C:\Users\Russel\Downloads\GTA_V_Launcher_1_0_1290_2.exe
2017-12-17 04:32 - 2017-12-17 04:32 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\DefaultCompany
2017-12-16 21:10 - 2017-12-16 21:10 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2017-12-16 21:08 - 2017-12-16 21:08 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2017-12-16 08:23 - 2017-12-16 08:23 - 000000000 ____D C:\Users\Russel\AppData\Local\Ruiner
2017-12-16 02:20 - 2017-12-16 02:20 - 000000222 _____ C:\Users\Russel\Desktop\WWE 2K18.url
2017-12-14 20:26 - 2017-12-14 20:26 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2017-12-13 19:07 - 2017-12-08 07:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 19:07 - 2017-12-08 00:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 19:07 - 2017-12-08 00:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 19:07 - 2017-12-08 00:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-13 19:07 - 2017-12-08 00:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 19:07 - 2017-12-08 00:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-13 19:07 - 2017-12-08 00:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-13 19:07 - 2017-12-08 00:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:07 - 2017-12-08 00:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-13 19:07 - 2017-12-08 00:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-13 19:07 - 2017-12-08 00:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 19:07 - 2017-12-08 00:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-13 19:07 - 2017-12-08 00:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-13 19:07 - 2017-12-08 00:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 19:07 - 2017-12-08 00:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-13 19:07 - 2017-12-08 00:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-13 19:07 - 2017-12-07 23:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-13 19:07 - 2017-12-07 23:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-13 19:07 - 2017-12-07 23:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 19:07 - 2017-12-07 23:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-13 19:07 - 2017-12-07 23:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-13 19:07 - 2017-12-07 23:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-13 19:07 - 2017-12-07 23:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-13 19:07 - 2017-12-07 23:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:07 - 2017-12-07 23:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 19:07 - 2017-12-07 23:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 19:07 - 2017-12-07 23:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 19:07 - 2017-12-07 23:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 19:07 - 2017-12-07 23:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 19:07 - 2017-12-07 23:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 19:07 - 2017-12-07 23:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 19:07 - 2017-12-07 23:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 19:07 - 2017-12-07 23:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 19:07 - 2017-12-07 23:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 19:07 - 2017-12-07 23:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 19:07 - 2017-12-07 23:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 19:07 - 2017-12-07 23:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 19:07 - 2017-12-07 23:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 19:07 - 2017-12-07 23:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 19:07 - 2017-12-07 23:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-13 19:07 - 2017-12-07 22:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 19:07 - 2017-12-07 22:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 19:07 - 2017-12-07 22:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 19:07 - 2017-12-07 22:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-13 19:07 - 2017-12-07 22:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 19:07 - 2017-12-07 22:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 19:07 - 2017-12-07 22:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-13 19:07 - 2017-12-07 22:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-13 19:07 - 2017-11-26 21:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-13 19:07 - 2017-11-26 21:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-13 19:07 - 2017-11-26 21:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 19:07 - 2017-11-26 17:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 19:07 - 2017-11-26 14:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 19:07 - 2017-11-26 14:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 19:07 - 2017-11-26 14:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 19:07 - 2017-11-26 14:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 19:07 - 2017-11-26 14:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-13 19:07 - 2017-11-26 14:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 19:07 - 2017-11-26 14:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 19:07 - 2017-11-26 14:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 19:07 - 2017-11-26 14:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 19:07 - 2017-11-26 14:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 19:07 - 2017-11-26 14:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 19:07 - 2017-11-26 14:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-13 19:07 - 2017-11-26 13:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 19:07 - 2017-11-26 13:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 19:07 - 2017-11-26 13:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 19:07 - 2017-11-26 13:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 19:07 - 2017-11-26 13:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 19:07 - 2017-11-26 13:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 19:07 - 2017-11-26 13:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 19:07 - 2017-11-26 13:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 19:07 - 2017-11-26 13:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 19:07 - 2017-11-26 13:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 19:07 - 2017-11-26 12:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-13 19:07 - 2017-11-26 12:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-13 19:07 - 2017-11-26 12:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-13 19:07 - 2017-11-26 12:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 19:07 - 2017-11-26 12:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 19:07 - 2017-11-26 11:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-13 19:07 - 2017-11-26 11:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-13 19:07 - 2017-11-26 11:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-13 19:07 - 2017-11-26 11:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 19:07 - 2017-11-26 11:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 19:07 - 2017-11-19 08:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 19:07 - 2017-11-19 03:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-13 19:06 - 2017-12-08 00:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 19:06 - 2017-12-08 00:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2017-12-13 19:06 - 2017-12-08 00:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-13 19:06 - 2017-12-08 00:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 19:06 - 2017-12-08 00:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 19:06 - 2017-12-08 00:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 19:06 - 2017-12-08 00:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 19:06 - 2017-12-08 00:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 19:06 - 2017-12-08 00:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 19:06 - 2017-12-08 00:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-13 19:06 - 2017-12-08 00:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 19:06 - 2017-12-08 00:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 19:06 - 2017-12-08 00:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-13 19:06 - 2017-12-08 00:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 19:06 - 2017-12-08 00:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-12-13 19:06 - 2017-12-07 23:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 19:06 - 2017-12-07 23:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 19:06 - 2017-12-07 23:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 19:06 - 2017-12-07 23:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 19:06 - 2017-12-07 23:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-13 19:06 - 2017-12-07 23:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 19:06 - 2017-12-07 23:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 19:06 - 2017-12-07 23:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 19:06 - 2017-12-07 23:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 19:06 - 2017-12-07 23:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-13 19:06 - 2017-12-07 23:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2017-12-13 19:06 - 2017-12-07 23:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-12-13 19:06 - 2017-12-07 23:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 19:06 - 2017-12-07 23:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 19:06 - 2017-12-07 23:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 19:06 - 2017-12-07 23:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 19:06 - 2017-12-07 23:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 19:06 - 2017-12-07 23:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 19:06 - 2017-12-07 23:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-12-13 19:06 - 2017-12-07 23:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 19:06 - 2017-12-07 23:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 19:06 - 2017-12-07 23:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-13 19:06 - 2017-12-07 23:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 19:06 - 2017-12-07 23:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 19:06 - 2017-12-07 23:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 19:06 - 2017-12-07 23:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 19:06 - 2017-12-07 23:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 19:06 - 2017-12-07 23:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 19:06 - 2017-12-07 22:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 19:06 - 2017-12-07 22:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 19:06 - 2017-12-07 22:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-12-13 19:06 - 2017-12-07 22:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 19:06 - 2017-12-07 22:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 19:06 - 2017-12-07 22:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 19:06 - 2017-12-07 22:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 19:06 - 2017-12-07 22:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-12-13 19:06 - 2017-12-07 22:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 19:06 - 2017-12-07 22:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-12-13 19:06 - 2017-11-26 14:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 19:06 - 2017-11-26 14:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-13 19:06 - 2017-11-26 14:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 19:06 - 2017-11-26 14:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 19:06 - 2017-11-26 14:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-13 19:06 - 2017-11-26 14:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-13 19:06 - 2017-11-26 14:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-13 19:06 - 2017-11-26 14:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-13 19:06 - 2017-11-26 14:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-13 19:06 - 2017-11-26 14:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-13 19:06 - 2017-11-26 14:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-13 19:06 - 2017-11-26 14:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 19:06 - 2017-11-26 14:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 19:06 - 2017-11-26 14:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 19:06 - 2017-11-26 14:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 19:06 - 2017-11-26 14:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 19:06 - 2017-11-26 14:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 19:06 - 2017-11-26 14:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 19:06 - 2017-11-26 14:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-13 19:06 - 2017-11-26 14:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 19:06 - 2017-11-26 14:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 19:06 - 2017-11-26 14:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 19:06 - 2017-11-26 14:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 19:06 - 2017-11-26 14:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-13 19:06 - 2017-11-26 14:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 19:06 - 2017-11-26 14:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 19:06 - 2017-11-26 14:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 19:06 - 2017-11-26 14:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-13 19:06 - 2017-11-26 14:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 19:06 - 2017-11-26 14:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 19:06 - 2017-11-26 14:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 19:06 - 2017-11-26 14:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 19:06 - 2017-11-26 14:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 19:06 - 2017-11-26 14:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-13 19:06 - 2017-11-26 14:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-13 19:06 - 2017-11-26 13:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 19:06 - 2017-11-26 13:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 19:06 - 2017-11-26 13:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 19:06 - 2017-11-26 13:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 19:06 - 2017-11-26 13:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 19:06 - 2017-11-26 13:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 19:06 - 2017-11-26 13:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 19:06 - 2017-11-26 13:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 19:06 - 2017-11-26 13:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 19:06 - 2017-11-26 13:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 19:06 - 2017-11-26 13:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 19:06 - 2017-11-26 13:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 19:06 - 2017-11-26 13:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 19:06 - 2017-11-26 13:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-13 19:06 - 2017-11-26 13:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 19:06 - 2017-11-26 13:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-13 19:06 - 2017-11-26 13:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 19:06 - 2017-11-26 13:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-13 19:06 - 2017-11-26 13:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 19:06 - 2017-11-26 13:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 19:06 - 2017-11-26 13:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 19:06 - 2017-11-26 13:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 19:06 - 2017-11-26 13:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 19:06 - 2017-11-26 13:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 19:06 - 2017-11-26 13:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-13 19:06 - 2017-11-26 13:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-13 19:06 - 2017-11-26 13:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 19:06 - 2017-11-26 13:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 19:06 - 2017-11-26 13:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 19:06 - 2017-11-26 13:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 19:06 - 2017-11-26 13:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-13 19:06 - 2017-11-26 13:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 19:06 - 2017-11-26 13:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 19:06 - 2017-11-26 13:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 19:06 - 2017-11-26 13:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 19:06 - 2017-11-26 13:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 19:06 - 2017-11-26 13:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 19:06 - 2017-11-26 12:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 19:06 - 2017-11-26 12:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 19:06 - 2017-11-26 12:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 19:06 - 2017-11-26 12:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 19:06 - 2017-11-26 12:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 19:06 - 2017-11-26 12:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-13 19:06 - 2017-11-26 12:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-13 19:06 - 2017-11-26 12:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-13 19:06 - 2017-11-26 12:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-13 19:06 - 2017-11-26 12:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 19:06 - 2017-11-26 12:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-13 19:06 - 2017-11-26 12:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-13 19:06 - 2017-11-26 12:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-13 19:06 - 2017-11-26 11:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 19:06 - 2017-11-26 11:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-13 19:06 - 2017-11-26 11:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-13 19:06 - 2017-11-26 11:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-13 19:06 - 2017-11-26 11:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-13 19:06 - 2017-11-26 11:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-13 19:06 - 2017-11-26 11:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-13 19:06 - 2017-11-26 11:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-13 19:06 - 2017-11-26 11:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-13 19:06 - 2017-11-26 11:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-13 19:06 - 2017-11-26 11:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-13 19:06 - 2017-11-26 11:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-13 19:06 - 2017-11-26 11:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-13 19:06 - 2017-11-26 11:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-13 19:06 - 2017-11-26 11:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-13 19:06 - 2017-11-26 11:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-13 19:06 - 2017-11-26 11:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-13 19:06 - 2017-11-26 11:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-13 19:06 - 2017-11-26 11:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-13 19:06 - 2017-11-26 11:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-13 19:06 - 2017-11-26 11:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-13 19:06 - 2017-11-26 11:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-12 01:47 - 2017-12-12 01:47 - 000000000 ____D C:\Users\Russel\Downloads\PopcornTime
2017-12-12 01:47 - 2017-12-12 01:47 - 000000000 ____D C:\Users\Russel\AppData\Local\PopcornTime
2017-12-12 01:46 - 2017-12-12 01:57 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
2017-12-12 01:45 - 2017-12-12 01:46 - 052289552 _____ (Popcorn Time ) C:\Users\Russel\Downloads\PopcornTime-latest.exe
2017-12-11 06:40 - 2017-12-11 06:42 - 346613007 _____ C:\Users\Russel\Downloads\e4c3f8-Rims_Install2.4b.oiv
2017-12-11 01:23 - 2017-12-11 01:23 - 263377831 _____ C:\Users\Russel\Downloads\L.A Vegetation.oiv
2017-12-10 16:14 - 2017-12-31 17:30 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2017-12-10 16:14 - 2017-12-10 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2017-12-10 16:13 - 2017-12-10 16:17 - 000002524 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-12-10 16:13 - 2017-12-10 16:13 - 009119336 _____ (Intel) C:\Users\Russel\Downloads\Intel Driver and Support Assistant Installer(1).exe
2017-12-10 16:13 - 2017-12-10 16:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-12-10 16:05 - 2017-12-10 16:13 - 000000000 ____D C:\Program Files\Intel Driver and Support Assistant
2017-12-10 16:04 - 2017-12-10 16:04 - 009119336 _____ (Intel) C:\Users\Russel\Downloads\Intel Driver and Support Assistant Installer.exe
2017-12-10 02:13 - 2017-12-10 02:13 - 000001132 _____ C:\Users\Russel\Desktop\MEGAsync.lnk
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\MEGA
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\Users\Russel\Documents\MEGA
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\Users\Russel\AppData\Local\MEGAsync
2017-12-10 02:12 - 2017-12-10 02:12 - 014976440 _____ (MEGA Limited) C:\Users\Russel\Downloads\MEGAsyncSetup(1).exe
2017-12-08 11:15 - 2017-12-08 11:15 - 002371856 _____ C:\WINDOWS\SysWOW64\launcher.scr
2017-12-07 21:06 - 2017-12-13 07:21 - 000001822 _____ C:\Users\Russel\Desktop\League Displays.lnk

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2018-01-06 18:42 - 2017-12-01 15:19 - 002634032 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-06 18:42 - 2017-09-30 15:32 - 001221470 _____ C:\WINDOWS\system32\perfh013.dat
2018-01-06 18:42 - 2017-09-30 15:32 - 000280662 _____ C:\WINDOWS\system32\perfc013.dat
2018-01-06 18:40 - 2016-06-08 20:57 - 000000000 ____D C:\Users\Russel\AppData\Local\CrashDumps
2018-01-06 18:38 - 2017-08-04 20:45 - 000000000 ____D C:\Users\Russel\AppData\Local\LogMeIn Hamachi
2018-01-06 18:38 - 2016-11-19 02:37 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\Mozilla
2018-01-06 18:37 - 2017-07-09 09:30 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-06 18:36 - 2017-12-01 15:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-06 18:36 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-06 18:36 - 2016-06-06 20:45 - 000000000 __SHD C:\Users\Russel\IntelGraphicsProfiles
2018-01-06 18:24 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-06 18:12 - 2017-12-01 15:09 - 000000000 ____D C:\Users\Russel
2018-01-06 18:05 - 2017-12-01 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-06 17:39 - 2017-12-01 15:14 - 000003628 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-01-06 17:27 - 2017-12-01 15:14 - 000004200 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{544BB1BF-DDE1-4AFE-B7D8-3924D260FC9F}
2018-01-06 17:06 - 2016-11-17 08:54 - 000000000 ____D C:\Users\Russel\AppData\Roaming\discord
2018-01-06 16:40 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-06 16:36 - 2017-12-01 15:14 - 000004242 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-01-06 10:17 - 2016-06-06 22:17 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Spotify
2018-01-06 07:31 - 2016-06-06 21:09 - 000000000 ____D C:\Users\Russel\AppData\Roaming\uTorrent
2018-01-06 02:28 - 2017-06-12 06:00 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Origin
2018-01-06 02:28 - 2016-06-13 20:23 - 000000000 ____D C:\ProgramData\Origin
2018-01-06 02:28 - 2016-06-08 19:17 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-06 02:00 - 2016-06-08 01:08 - 000000000 ____D C:\Users\Russel\AppData\Local\Adobe
2018-01-05 21:52 - 2016-06-06 22:20 - 000000000 ____D C:\Users\Russel\AppData\Local\Spotify
2018-01-05 15:49 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-05 15:48 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-05 01:28 - 2017-03-18 16:40 - 000000000 ____D C:\Users\Russel\Documents\RIDE 2 PORTFOLIO
2018-01-04 22:26 - 2016-10-31 16:46 - 000000000 ____D C:\Users\Russel\Documents\Parallel
2018-01-04 14:34 - 2017-12-04 18:15 - 000000000 ____D C:\Users\Russel\AppData\Roaming\PlaysTV
2018-01-03 21:48 - 2017-09-29 00:13 - 000000000 ____D C:\Users\Russel\Documents\Screenshots
2018-01-03 19:23 - 2017-10-31 22:25 - 000000000 ____D C:\Users\Russel\AppData\Local\LOOT
2018-01-03 19:16 - 2017-10-31 22:25 - 000000545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2018-01-03 17:05 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-03 16:25 - 2017-09-27 19:53 - 000000000 ____D C:\Users\Russel\Documents\Nexus Mod Manager
2018-01-03 14:13 - 2016-06-07 19:01 - 000000000 ____D C:\Users\Russel\Documents\My Games
2018-01-02 22:59 - 2016-07-20 01:57 - 000000000 ____D C:\Users\Russel\AppData\Local\Unity
2018-01-02 20:44 - 2017-01-31 08:16 - 000000000 ____D C:\Program Files (x86)\Atigpydecick
2018-01-02 20:43 - 2016-07-20 01:57 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\Unity
2018-01-02 20:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-02 20:42 - 2016-06-12 21:41 - 000000262 __RSH C:\ProgramData\ntuser.pol
2018-01-02 04:18 - 2017-05-08 06:02 - 000000000 ____D C:\Users\Russel\AppData\Roaming\obs-studio
2017-12-31 23:29 - 2017-12-03 12:21 - 000001456 _____ C:\Users\Russel\AppData\Local\Adobe Opslaan voor web 13.0 Prefs
2017-12-30 00:30 - 2016-06-11 20:31 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Skype
2017-12-28 13:17 - 2016-06-12 12:59 - 000000000 ____D C:\Users\Russel\Documents\GTA San Andreas User Files
2017-12-27 00:04 - 2017-12-01 15:14 - 000003548 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-12-27 00:04 - 2017-12-01 15:14 - 000003412 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-12-27 00:04 - 2016-06-14 19:46 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-12-25 22:24 - 2016-06-08 19:23 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-22 09:52 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-22 09:49 - 2017-07-09 09:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-21 05:27 - 2017-06-12 06:00 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-19 07:01 - 2017-07-09 09:30 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-19 07:00 - 2017-12-01 15:14 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-07-09 09:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-19 01:54 - 2016-07-09 14:31 - 000000000 ____D C:\Users\Russel\Documents\Rockstar Games
2017-12-19 01:54 - 2016-07-09 14:31 - 000000000 ____D C:\Users\Russel\AppData\Local\Rockstar Games
2017-12-18 06:27 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-16 08:23 - 2017-09-07 20:31 - 000000000 ____D C:\Users\Russel\AppData\Local\UnrealEngine
2017-12-16 04:17 - 2016-06-15 00:49 - 000000000 ____D C:\Users\Russel\AppData\Roaming\vlc
2017-12-15 16:07 - 2017-05-15 08:15 - 000000000 ____D C:\Users\Russel\Downloads\Telegram Desktop
2017-12-15 16:07 - 2016-10-26 12:23 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Telegram Desktop
2017-12-14 23:43 - 2017-12-05 02:10 - 000000000 ____D C:\Users\Russel\AppData\Local\LolScreenSaver
2017-12-14 20:27 - 2017-12-01 15:27 - 000000000 ___RD C:\Users\Russel\3D Objects
2017-12-14 20:27 - 2016-04-27 07:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-14 20:26 - 2017-12-01 15:07 - 000659864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2017-12-14 20:25 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-14 16:36 - 2017-12-01 15:09 - 000000000 ____D C:\Users\Russel\AppData\Local\Packages
2017-12-13 19:12 - 2016-06-07 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 19:10 - 2017-10-11 15:46 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 19:10 - 2016-06-07 19:40 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 19:08 - 2017-09-29 14:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-12-13 19:08 - 2017-09-29 14:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-12-13 19:08 - 2017-09-29 14:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-12-13 19:08 - 2017-09-29 14:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-12-13 10:57 - 2016-06-13 15:30 - 000000034 _____ C:\Users\Russel\AppData\Roaming\AdobeWLCMCache.dat
2017-12-13 07:21 - 2016-06-07 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-12-12 22:41 - 2017-12-01 15:14 - 000004496 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-12 22:41 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 22:41 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 18:11 - 2017-08-21 18:35 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-12 18:11 - 2017-08-21 18:35 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-12 01:25 - 2016-07-27 05:49 - 000000000 ____D C:\Users\Russel\AppData\Local\Rockstar_Games
2017-12-12 00:02 - 2016-11-17 08:54 - 000000000 ____D C:\Users\Russel\AppData\Local\Discord
2017-12-11 02:12 - 2017-12-01 15:14 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1422434549-3426595971-112725785-1001
2017-12-11 02:12 - 2016-06-06 20:47 - 000002390 _____ C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-11 02:12 - 2016-06-06 20:47 - 000000000 ___RD C:\Users\Russel\OneDrive
2017-12-10 19:03 - 2017-06-19 18:13 - 000000000 ____D C:\Users\Russel\AppData\Roaming\BetterDiscord
2017-12-10 19:00 - 2017-11-30 09:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-10 16:13 - 2017-07-09 09:30 - 000000000 ____D C:\Program Files\Intel
2017-12-10 16:13 - 2015-11-18 05:36 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-10 16:06 - 2016-06-20 22:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-12-10 16:06 - 2015-11-18 05:37 - 000000000 ____D C:\ProgramData\Intel
2017-12-09 02:33 - 2016-07-27 04:54 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-07 15:36 - 2017-08-15 05:05 - 000000000 ____D C:\Users\Russel\AppData\Local\FalloutNV

==================== Bestanden in de root van sommige mappen =======

2017-01-31 08:13 - 2017-01-31 08:34 - 001620992 _____ () C:\ProgramData\service.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\FxUapOWu.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000000060 _____ () C:\Program Files (x86)\Common Files\oAaOtulaOL
2017-09-29 14:42 - 2017-09-29 14:42 - 000000060 _____ () C:\Program Files (x86)\Common Files\oAaOtulaOL.bat
2016-06-13 15:30 - 2017-12-13 10:57 - 000000034 _____ () C:\Users\Russel\AppData\Roaming\AdobeWLCMCache.dat
2017-11-28 15:18 - 2017-11-28 15:19 - 000000600 _____ () C:\Users\Russel\AppData\Roaming\winscp.rnd
2017-12-03 12:21 - 2017-12-31 23:29 - 000001456 _____ () C:\Users\Russel\AppData\Local\Adobe Opslaan voor web 13.0 Prefs
2017-12-24 15:07 - 2017-12-24 15:21 - 000003584 _____ () C:\Users\Russel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-09 15:45 - 2016-07-09 15:45 - 000000094 _____ () C:\Users\Russel\AppData\Local\fusioncache.dat
2016-09-14 12:27 - 2016-09-14 13:12 - 000000600 _____ () C:\Users\Russel\AppData\Local\PUTTY.RND
2018-01-02 20:42 - 2018-01-02 20:42 - 000000001 _____ () C:\Users\Russel\AppData\Local\WMI.ini
2018-01-02 20:42 - 2017-09-29 14:42 - 000000050 _____ () C:\Users\Russel\AppData\Local\YnETdiruisOTa
2017-09-29 14:42 - 2017-09-29 14:42 - 000000050 _____ () C:\Users\Russel\AppData\Local\YnETdiruisOTa.bat

Sommige bestanden in TEMP:
====================
2018-01-06 00:39 - 2018-01-06 00:39 - 000388425 _____ (                                                            ) C:\Users\Russel\AppData\Local\Temp\231174032.exe
2018-01-03 19:59 - 2018-01-03 19:59 - 000388407 _____ (                                                            ) C:\Users\Russel\AppData\Local\Temp\271394290.exe
2018-01-02 20:41 - 2018-01-02 20:42 - 002575544 _____ () C:\Users\Russel\AppData\Local\Temp\3qrdzowerr.exe

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-01-01 11:08

==================== Eind van FRST.txt ============================

Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 02.01.2018
Gestart door Russel (06-01-2018 19:06:26)
Gestart vanaf C:\Users\Russel\Downloads
Windows 10 Home Versie 1709 16299.125 (X64) (2017-12-01 14:26:44)
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1422434549-3426595971-112725785-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1422434549-3426595971-112725785-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-1422434549-3426595971-112725785-503 - Limited - Disabled)
Gast (S-1-5-21-1422434549-3426595971-112725785-501 - Limited - Disabled)
Russel (S-1-5-21-1422434549-3426595971-112725785-1001 - Administrator - Enabled) => C:\Users\Russel
WDAGUtilityAccount (S-1-5-21-1422434549-3426595971-112725785-504 - Limited - Disabled)

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

. . (HKLM\...\{9C40698F-A953-4658-AFF2-F7BB385A3910}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{870E5275-5457-4BBC-98C9-BFF4B70AA5D3}) (Version: 3.1.0.12 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.3.0.034 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\{9B0619A0-D501-11E5-B16B-FB3EC5F53981}) (Version: 2015.1.2.44 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
AVG (HKLM\...\{BE1A8A5D-8197-48D3-8A41-4360888B7306}) (Version: 1.231.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.25.4 - Bethesda Softworks)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Creation Kit: Fallout 4 (HKLM-x32\...\Creation Kit: Fallout 4) (Version:  - Bethesda Softworks)
Criminal Girls Invite Only (HKLM-x32\...\Criminal Girls Invite Only_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Darkest Dungeon The Shieldbreaker (HKLM-x32\...\Darkest Dungeon The Shieldbreaker_is1) (Version:  - )
DiRT 4 (HKLM-x32\...\DiRT 4_is1) (Version:  - )
Discord (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.3.31 - Dolby Laboratories, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EaseUS Partition Master 12.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Game Launcher version 3.2.1.7 (HKLM-x32\...\{31D22D10-7FD2-401B-8AEA-D20A1A9A440E}_is1) (Version: 3.2.1.7 - Eikester)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.0.0.11" - Rockstar Games)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Haste Esports Accelerator (HKLM\...\{C448EF28-2A1D-45CE-B824-0C2F4B4E60BD}) (Version: 1.00.0034 - Haste)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{2550a40e-aac6-4d21-9361-744d33bec573}) (Version: 3.1.0.12 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
League Displays (HKLM-x32\...\LolScreenSaver) (Version: W1.0.872-beta - Riot Games)
League of Legends (HKLM-x32\...\{CE7DD90C-BD1D-4B49-A4E8-3F38C313BEF5}) (Version: 4.1.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.1) (Version: 4.1.1 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
LOOT version 0.12.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.12.1 - LOOT Team)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Moero Chronicle (HKLM-x32\...\Moero Chronicle_is1) (Version:  - )
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 55.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.1 (x64 en-US)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Need for Speed™ Payback (HKLM-x32\...\{F4CF3D08-565C-40B7-B351-D3033DE2172B}) (Version: 1.0.51.9958 - Electronic Arts)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Nights of Azure (HKLM-x32\...\Nights of Azure_is1) (Version:  - )
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA PhysX Systeem Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Omega Quintet (HKLM-x32\...\Omega Quintet_is1) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenIV (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\OpenIV) (Version: 2.9.2.931 - .black/OpenIV Team)
Operation Abyss New Tokyo Legacy (HKLM-x32\...\Operation Abyss New Tokyo Legacy_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.17910 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{5a49045d-2227-4c19-9d9c-493e84cb9a73}) (Version: latest - ppy Pty Ltd)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.5-r125535-release - Plays.tv, LLC)
PokeMMO (HKLM\...\PokeMMO_is1) (Version:  - PokeMMO)
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.0099 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7801 - Realtek Semiconductor Corp.)
Ride 2 (HKLM-x32\...\Ride 2_is1) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RUINER (HKLM-x32\...\RUINER_is1) (Version:  - )
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Senran Kagura Shinovi Versus (HKLM-x32\...\Senran Kagura Shinovi Versus_is1) (Version:  - )
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Sound Editor 2018 (HKLM-x32\...\Sound Editor 2018) (Version: 1.0.1 - TheVisitorX)
Spotify (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
State of Decay: Year-One Survival Edition (HKLM-x32\...\State of Decay: Year-One Survival Edition_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.1 (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1 - Telegram Messenger LLP)
The Elder Scrolls: Skyrim - Special Edition (HKLM-x32\...\The Elder Scrolls: Skyrim - Special Edition_is1) (Version:  - )
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
Tokyo Xanadu eX+ (HKLM-x32\...\Tokyo Xanadu eX+_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version: 1.0.0.0 - Motiga)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wacom-tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.20-7 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WhatsApp (HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\WhatsApp) (Version: 0.2.1880 - WhatsApp)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WWE 2K18+ (HKLM-x32\...\{69DBFDF3-EE89-400D-B4CE-825704E4BD41}) (Version: 0.01.0105 - Pozzum)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

CustomCLSID: HKU\S-1-5-21-1422434549-3426595971-112725785-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0982A78FF6A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1422434549-3426595971-112725785-1001_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1422434549-3426595971-112725785-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {C382E5F6-6526-45F0-9B98-90091EEF87D4} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-08-03] (/n software, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {C382E5F6-6526-45F0-9B98-90091EEF87D4} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-08-03] (/n software, Inc.)
ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> Geen bestand
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => D:\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-04] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => D:\AVG\Antivirus\ashShA64.dll [2017-10-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> Geen bestand
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> Geen bestand
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Geen bestand
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxDTCM.dll [2016-11-23] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => D:\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-04] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => D:\AVG\Antivirus\ashShA64.dll [2017-10-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {017D1B27-28A7-44F8-ABC8-0D12560DCD86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-27] (Google Inc.)
Task: {0A3735AE-5040-4C1A-811F-86DE5B1EA507} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
Task: {0F478F0B-6B2E-4A32-951B-1C592A88BC24} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {16477E6B-3444-4F6B-B935-C1C62EF82488} - \MailRuUpdater -> Geen bestand <==== AANDACHT
Task: {1AB43274-2932-48DA-9F8E-18D4BB1A56AF} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {1F678FA9-6209-4515-B672-8EAF5D8596A6} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT
Task: {2036AF21-7282-4C04-B4A9-A41BC3BA49D6} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-09-05] (Acer Incorporated)
Task: {21BB92C2-5E35-4A70-84DD-37594EAAE8E1} - System32\Tasks\yIpbU => C:\Program Files (x86)\Common Files\oAaOtulaOL.bat [2017-09-29] () <==== AANDACHT
Task: {2596CB1E-259C-4A85-9E2E-BF74445E09B8} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated)
Task: {278A5F3F-B26C-443A-B850-0D980076D051} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {3063D677-35D4-4A1B-8011-1967D3FD27E9} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {30D1F3E2-CDC8-40A8-8620-56B2A33670AB} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1422434549-3426595971-112725785-1001 => C:\Users\Russel\AppData\Local\MEGAsync\MEGAupdater.exe [2017-11-24] (Mega Limited)
Task: {327E935A-4993-437F-96B3-A28B399F12FF} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {3DF9F651-D041-4778-BC3D-EF66AF49D18A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\avg\overseer\overseer.exe [2018-01-05] (AVG Technologies CZ, s.r.o.)
Task: {404D0674-23C9-4158-853F-8F3E569C0FE4} - System32\Tasks\GetNetworkInfo => C:\Users\Russel\AppData\Local\Temp\setdebug.exe <==== AANDACHT
Task: {45DDBC3B-52D3-4A64-9386-9F8A49348322} - System32\Tasks\Driver Booster SkipUAC (Russel) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {467E9B4E-8BDC-4CF2-9220-0E0B767A9D24} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {47758321-3B0A-4C2B-AAD1-9CB14026EABE} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {48F13DBF-7A34-4DD9-AB6E-401EF999FE8F} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {4F117C79-2706-4FBF-A748-C0259F51CEFA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated)
Task: {50AF9C9A-0B8F-43E5-AC2B-F0562F608A26} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {562E0DD1-0D71-4DA6-A461-1C62E7D801E2} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {62AE8127-0493-4A97-834A-768C81CD636D} - System32\Tasks\bvyvbvyf => C:\Users\Russel\AppData\Local\bvyvbvyf\bvyvbvyf.exe <==== AANDACHT
Task: {6A1AECEC-0766-473B-AE79-EAAA31DE758F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {6A250F7B-4F8A-4FEA-8CAE-31F28DA85202} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-04-11] ()
Task: {722A6923-2D89-4A11-B1EA-FF33EF4ADB82} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {77DBC389-F35F-4530-8C09-633AD221E3B5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
Task: {7F69883E-8A5A-468E-85C5-07E8E353A546} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {82EA14AE-EE68-4A80-A9FB-7E339C7BC75C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {8AADF9E2-E5B3-426A-BE16-5B62F7CFC5D2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-06] (Dropbox, Inc.)
Task: {8BB068B2-4301-4CAB-B288-2B44ED9D123F} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {938B8D92-323A-42EA-B185-F6BEAAF2CACA} - System32\Tasks\sUlOT => C:\Program Files (x86)\FxUapOWu.exe [2017-09-29] (Microsoft Corporation) <==== AANDACHT
Task: {97C5EF5A-2070-423F-ADA4-47C3E3F0E844} - System32\Tasks\Atterryanehuch Cloud => C:\Program Files (x86)\Atigpydecick\wafers.exe [2017-01-31] (Glarysoft Ltd)
Task: {99BEF9A6-DDBC-44A7-8B8D-9A74A9D38C56} - System32\Tasks\updater => D:\Scp\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {9C077902-D391-4171-BB55-03BCCD54FD6B} - System32\Tasks\{E7C8E835-361A-4814-9145-84B19CC22FC2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\tbTecB2ldn\uninstall.exe"
Task: {A6B7FFA7-1A07-4132-AD41-2BA4DCB8551B} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {A92000CF-6418-457D-974A-32AC3F589844} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
Task: {C446D34C-78F0-4C98-ACE4-5CE05303839A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-06] (Dropbox, Inc.)
Task: {CE6E0948-5AAE-4A08-8B15-29555A085AF6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {D4C2FB13-1E2A-4CD7-929F-55940B9B594B} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-77A4OP4C-Russel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E3A373B7-5CE5-47D1-81BB-1CAFEFAF820E} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {E513C0C3-9C79-4458-A6D2-994F30C568B0} - System32\Tasks\AOOcRuIHiAeIe => C:\Users\Russel\AppData\Local\YnETdiruisOTa.bat [2017-09-29] () <==== AANDACHT
Task: {E541F260-BA3B-423E-8EE6-2A037071FC2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-27] (Google Inc.)
Task: {E6FD842A-9F44-4680-B1F3-8CAF2F9784DE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
Task: {FBD71175-37A7-4392-A397-3281C9591B8D} - System32\Tasks\Antivirus Emergency Update => D:\AVG\Antivirus\AvEmUpdate.exe [2017-10-21] (AVG Technologies CZ, s.r.o.)
Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-04-11] ()

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Snelkoppelingen & WMI ========================

(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Geladen Modules (gefilterd) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-03-04 20:26 - 2016-03-04 20:26 - 005570728 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 000598528 _____ () C:\Users\Russel\AppData\Local\MEGAsync\ShellExtX64.dll
2016-08-23 14:05 - 2016-08-23 14:05 - 000052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-12-18 17:10 - 2017-12-18 17:10 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\e_sqlite3.dll
2017-12-18 17:10 - 2017-12-18 17:10 - 002360512 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-12-18 17:10 - 2017-12-18 17:10 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 004069888 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
2016-01-27 05:04 - 2016-01-27 05:04 - 000163328 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2017-12-10 16:13 - 2017-03-07 19:15 - 000824592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-12-10 16:13 - 2017-03-07 19:18 - 001981712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-12-10 16:13 - 2017-03-07 19:10 - 000248080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-12-10 16:13 - 2017-03-07 19:09 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-12-10 16:13 - 2017-03-07 19:10 - 000175376 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-12-10 16:13 - 2017-03-07 19:09 - 000204048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-12-10 16:13 - 2017-03-07 19:08 - 000337680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-12-10 16:13 - 2017-03-07 19:05 - 000148240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-12-10 16:13 - 2017-03-07 19:05 - 000178448 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_acdc_setting_input.dll
2017-12-10 16:13 - 2017-03-07 19:10 - 000213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-12-10 16:13 - 2017-03-07 19:07 - 000225040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-12-10 16:13 - 2017-03-07 19:05 - 000212752 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-12-10 16:13 - 2017-03-07 19:07 - 000220432 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-12-10 16:13 - 2017-03-07 19:07 - 000238864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input_toe.dll
2017-12-04 14:49 - 2017-12-04 14:49 - 000305152 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\f2d212d6ff52c9c2ca6362629bef1bdd\ReactiveSockets.ni.dll
2014-05-02 10:52 - 2014-05-02 10:52 - 000599040 _____ () D:\Scp\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 05:55 - 2014-05-02 05:55 - 000185344 _____ () D:\Scp\irrKlang\amd64\ikpflac.dll
2014-05-02 05:05 - 2014-05-02 05:05 - 000173056 _____ () D:\Scp\irrKlang\amd64\ikpmp3.dll
2015-05-19 18:11 - 2015-05-19 18:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-01-01 09:17 - 2017-11-16 02:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
2017-12-13 19:07 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 19:06 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-03 12:52 - 2017-08-03 12:52 - 000061440 _____ () C:\Program Files\Haste\Haste Esports Accelerator\WinDivert.dll
2017-02-24 04:22 - 2017-02-03 01:01 - 001658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2018-01-03 13:28 - 2018-01-03 13:29 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 13:28 - 2018-01-03 13:29 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 13:28 - 2018-01-03 13:29 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 13:28 - 2018-01-03 13:29 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 13:28 - 2018-01-03 13:28 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2015-11-13 18:51 - 2015-11-13 18:51 - 000629248 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2015-11-18 06:06 - 2015-05-14 08:10 - 000030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
2017-12-10 16:13 - 2017-03-07 19:13 - 000747792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-12-10 16:13 - 2017-03-07 19:08 - 000218384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2017-12-10 16:13 - 2017-03-07 19:11 - 000238864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input_toe.dll
2016-04-11 17:16 - 2016-04-11 17:16 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-12-12 21:22 - 2017-12-12 21:22 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-12-12 21:22 - 2017-12-12 21:22 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-12-12 21:22 - 2017-12-12 21:22 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2017-01-31 08:30 - 2017-01-31 08:29 - 048920064 _____ () D:\AVG\UiDll\2623\libcef.dll
2017-10-21 06:32 - 2017-10-21 06:32 - 000168216 _____ () D:\AVG\Antivirus\JsonRpcServer.dll
2017-09-10 01:20 - 2017-09-10 01:20 - 000060160 _____ () D:\AVG\Antivirus\module_lifetime.dll
2017-07-08 00:00 - 2017-07-08 00:00 - 067109376 _____ () D:\AVG\Antivirus\libcef.dll
2017-10-21 06:32 - 2017-10-21 06:32 - 000218208 _____ () D:\AVG\Antivirus\event_routing_rpc.dll
2017-10-21 06:32 - 2017-10-21 06:32 - 000245704 _____ () D:\AVG\Antivirus\tasks_core.dll
2017-10-28 01:12 - 2017-10-28 01:12 - 000704456 _____ () D:\AVG\Antivirus\ffl2.dll
2017-12-06 23:39 - 2017-12-05 02:06 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-12-06 23:39 - 2017-12-05 02:06 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2016-09-06 12:33 - 2017-12-05 02:06 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-09-06 12:33 - 2017-12-05 02:08 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-12-06 23:39 - 2017-12-05 02:06 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-12-06 23:39 - 2017-12-05 02:06 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-09-06 12:33 - 2017-12-05 02:06 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-09-06 12:33 - 2017-12-05 02:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-12-06 23:39 - 2017-12-05 02:06 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-12-06 23:39 - 2017-12-05 02:06 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-09-06 12:33 - 2017-12-05 02:08 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-09-06 12:33 - 2017-12-05 02:08 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 19:37 - 2017-12-05 02:06 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 23:13 - 2017-12-05 02:09 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 19:32 - 2017-12-05 02:08 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-09-06 12:33 - 2017-12-05 02:09 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-28 01:08 - 2017-12-05 02:09 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-24 02:02 - 2017-12-05 02:09 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-09-06 12:33 - 2017-12-05 02:08 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-01-24 02:02 - 2017-12-05 02:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 02:02 - 2017-12-05 02:09 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 02:02 - 2017-12-05 02:09 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-09-06 12:33 - 2017-12-05 02:06 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-09-06 12:33 - 2017-12-05 02:09 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-12-06 23:39 - 2017-12-05 02:06 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-12-06 23:39 - 2017-12-05 02:07 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-12-06 23:39 - 2017-12-05 02:06 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-12-06 23:39 - 2017-12-05 02:07 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-09-06 12:33 - 2017-12-05 02:08 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-12-06 23:39 - 2017-12-05 02:07 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-09-06 12:33 - 2017-12-05 02:09 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-12-06 23:39 - 2017-12-05 02:07 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-01-01 09:17 - 2017-11-16 02:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-01 15:09 - 2017-12-01 15:09 - 000015136 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 12:35 - 2017-09-26 12:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 12:34 - 2017-09-26 12:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 14:56 - 2017-10-02 14:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-09-18 22:34 - 2015-09-18 22:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)


==================== Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2015-07-10 12:04 - 2018-01-04 14:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Russel\Pictures\random photoshop stuff\80's-Styled-Logo.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is ingeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "LeagueDisplays"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "GameJoltClient"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "GameCompanion"
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\StartupApproved\Run: => "MailRuUpdater"

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [{67EA3EDB-B302-4CE6-92D6-E31271237357}] => (Allow) D:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{43F3EEC9-150F-4C29-9FD8-7CEACDD45342}] => (Allow) D:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{4325E721-4936-4CB0-B7D4-7F0B27EC17C3}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{32344913-DC26-40B7-BC1F-4C9C9FB9D0C5}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{49521EFA-2C05-436E-A8FF-C76D8E83F8B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{24BC4918-FB00-4960-A55E-09612E8BF8E5}D:\games\fallout 4\creationkit.exe] => (Allow) D:\games\fallout 4\creationkit.exe
FirewallRules: [TCP Query User{61B99CEF-5327-404B-AD87-606229E37155}D:\games\fallout 4\creationkit.exe] => (Allow) D:\games\fallout 4\creationkit.exe
FirewallRules: [UDP Query User{93040C4C-8239-4830-9629-26FD93B9C3BA}D:\games\pro evolution soccer 2018\pes2018.exe] => (Allow) D:\games\pro evolution soccer 2018\pes2018.exe
FirewallRules: [TCP Query User{36E3E896-BA6E-4125-8E80-159EA82D8677}D:\games\pro evolution soccer 2018\pes2018.exe] => (Allow) D:\games\pro evolution soccer 2018\pes2018.exe
FirewallRules: [{C01D83F5-1DE2-4F6F-96E7-5292E3EEFC80}] => (Allow) D:\Steam\steamapps\common\QWANT\NSUNS1.exe
FirewallRules: [{ADF30253-5156-4CB1-BDB1-7D21B4874DFB}] => (Allow) D:\Steam\steamapps\common\QWANT\NSUNS1.exe
FirewallRules: [{A044DBF9-4037-4704-B4DA-9331CB2A529A}] => (Allow) D:\Steam\steamapps\common\Null Vector\Null_Vector.exe
FirewallRules: [{A8F0EFBE-C2C6-4F82-B7C1-B371EBCB3A91}] => (Allow) D:\Steam\steamapps\common\Null Vector\Null_Vector.exe
FirewallRules: [UDP Query User{CA6D2F17-4F56-412D-A324-307D1DF7B741}D:\steam\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe
FirewallRules: [TCP Query User{8CFA977B-CE91-4780-BB63-B19A6E8A0185}D:\steam\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe
FirewallRules: [{688F8902-8BFB-45BB-BD18-65408E42A916}] => (Allow) D:\Steam\steamapps\common\Neon Drive\Neon Drive.exe
FirewallRules: [{C7DDED98-91B5-48A1-9FA6-929972AB206F}] => (Allow) D:\Steam\steamapps\common\Neon Drive\Neon Drive.exe
FirewallRules: [UDP Query User{0F69690E-F591-47D5-9947-EA5F1724B3B4}D:\games\gta5.exe] => (Allow) D:\games\gta5.exe
FirewallRules: [TCP Query User{E9D99D8E-28C8-4CEA-95AE-AA8B857793BD}D:\games\gta5.exe] => (Allow) D:\games\gta5.exe
FirewallRules: [UDP Query User{A2A2FCFB-3D26-49B0-BC27-158546D187CE}D:\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [TCP Query User{5A7C5ACF-E44C-4E45-A2D4-DAB5D46DA8AA}D:\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\gigantic\binaries\win64\rxgame-win64-shipping.exe
FirewallRules: [UDP Query User{D904AAEE-3BEB-4775-87DD-A8745D071055}D:\steam\steamapps\common\gigantic\arc\arcchat.exe] => (Allow) D:\steam\steamapps\common\gigantic\arc\arcchat.exe
FirewallRules: [TCP Query User{8AB3934B-7ABE-4912-8D7A-35EC2BEEA8E5}D:\steam\steamapps\common\gigantic\arc\arcchat.exe] => (Allow) D:\steam\steamapps\common\gigantic\arc\arcchat.exe
FirewallRules: [UDP Query User{2DA32500-8C0E-444E-8D43-AED40A71CABF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{85848DA3-B095-42B7-A10D-02A7B65197C8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0E68D0B1-EC4F-41D4-8FDE-BCCA111D78A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{296F06B0-A72F-494E-B059-A5DE97877401}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{19DE5D05-6CB0-411E-AA0A-A7C60B4DCDF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{634B7DB1-CC7B-4068-AB2E-8C166267055F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6184139F-15ED-45ED-BB0B-2E1CF33BB0BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4D24AADC-EF70-431C-B7C2-D48CA082DF13}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E40A07DD-958B-42EF-B348-8B0CB3BBDB77}] => (Allow) D:\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{DAA1DC97-157E-4371-A3DC-BC9CEFBB8C74}] => (Allow) D:\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{0DE57E37-C885-4F51-A332-4A2DE83F73B0}] => (Block) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4A6498C2-ADDD-4287-84CF-7941F958A3B8}] => (Block) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{258B27F4-00B1-495F-8557-DA5E28DDAD89}D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9A3C1759-17E9-4D80-A647-FB3FCC4A0E6D}D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{191C1BFC-C9AE-4E98-9BDF-CF6C07568E47}] => (Allow) D:\Steam\steamapps\common\Little Racers STREET\LittleRacersStreet.exe
FirewallRules: [{1636787C-CA5D-4E00-BF1F-6F1904DD77CA}] => (Allow) D:\Steam\steamapps\common\Little Racers STREET\LittleRacersStreet.exe
FirewallRules: [{3B11D517-234A-4E1D-A5CD-8485D15FD8AA}] => (Allow) D:\Steam\steamapps\common\Eternal Senia\Game.exe
FirewallRules: [{61481100-8106-4AD9-9B24-E1FBC6981941}] => (Allow) D:\Steam\steamapps\common\Eternal Senia\Game.exe
FirewallRules: [{4983DC34-32DC-4178-AF8D-2107471A7A7B}] => (Allow) D:\Evolve\EvolveClient.exe
FirewallRules: [{055E1E4B-F11C-411D-8A14-32DC3D89F2A9}] => (Allow) D:\Evolve\EvoSvc.exe
FirewallRules: [{A96C8D38-6120-452B-B622-C54D13C26A3D}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{7FA444AC-645D-4E26-9DFF-B5F7B244669A}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{3EFDDC78-5C0E-4BEF-AF70-CD474EE8C5C2}] => (Allow) D:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{6A2F9F4B-0F9F-42C8-B826-6E139DA8AC1E}] => (Allow) D:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{612AADF1-322C-4B6D-BC88-623D75820482}] => (Allow) D:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{BC41B8FF-7DB4-4B45-A9C6-305A953BD40C}] => (Allow) D:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [UDP Query User{C753404C-3F25-4A25-9099-763F960F109D}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{C5F93FB4-8930-45BB-A131-AC821406F72A}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [{B0D40BE4-DBB6-42F8-B6D4-A35A705A39C7}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{64815DF5-B0C3-4D54-993C-AE6A0B6D3D34}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{1C69DFBE-8F2E-42A1-B663-3AD162CA1BFC}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{C17F56ED-1CF1-4DBE-9934-042C3D4F304F}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{494EEDE6-A4B0-4DAA-A93A-C4F309845817}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{7DF7A5FF-7792-4687-B6B9-071609253B6B}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3B5748AF-7ACB-49BA-B64F-1490C577E02C}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{6CF40B38-13AD-4560-BB0F-CF6E83AC2F53}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{74843B1D-4538-4B4D-B988-07D73D5C4F87}] => (Allow) D:\Games\Mr DJ\Need For Speed Underground\uniws.exe
FirewallRules: [{C1F39407-BCB9-43B9-B694-C9E1D0A1085A}] => (Allow) D:\Games\Mr DJ\Need For Speed Underground\uniws.exe
FirewallRules: [{6D746E21-4D2A-4304-A194-7BC79E41191B}] => (Allow) D:\Games\Mr DJ\Need For Speed Underground\speed.exe
FirewallRules: [{C769D166-02EB-415A-9D6B-67D91F6DD962}] => (Allow) D:\Games\Mr DJ\Need For Speed Underground\speed.exe
FirewallRules: [UDP Query User{DCB35698-9C1F-4E84-A880-95F74853375C}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [TCP Query User{E8FD4FEE-A7E5-4E2E-B2E8-CC82389788F6}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [{795E7296-9990-41F6-A770-6DF8F094D9D2}] => (Allow) D:\Games\The Sims 4 Deluxe Edition\Game\Bin\TS4_x64.exe
FirewallRules: [{4FDA4C88-923C-4DD0-BF62-DDDF85009DB0}] => (Allow) D:\Games\The Sims 4 Deluxe Edition\Game\Bin\TS4_x64.exe
FirewallRules: [{C5BA356E-BBEA-46CE-BF91-921FE08CAF6C}] => (Allow) D:\Games\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{87D453D0-3BAE-4C63-975A-6A7EE489A483}] => (Allow) D:\Games\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{1B5948B5-1ED5-4F56-BC94-E772FB165D84}] => (Allow) D:\Evolve\EvolveClient.exe
FirewallRules: [{755F28C0-6ED9-4A93-A378-0B22004949E5}] => (Allow) D:\Evolve\EvoSvc.exe
FirewallRules: [{49ED00D6-6F90-4EA1-9C46-F38BEE34232F}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{465E61ED-F47A-4109-9FCF-BE24742BC4DE}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{FAA5D48A-7A95-4E96-B59D-778981916BF3}] => (Allow) D:\Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{9490BA0A-E4E0-4877-8112-7E167F7E4E50}] => (Allow) D:\Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [UDP Query User{FB88191B-B723-45AA-9F46-A79832278E68}C:\users\russel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\russel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FE20186D-6B80-430D-8A43-0DD8F28DB606}C:\users\russel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\russel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D2C34425-DB42-4477-A3B3-573F52650BB2}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{0013C986-8328-4CFF-913F-E6875A8A2EFF}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{B030B966-9874-4C19-BFD7-E115EDACFE3E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7FF32BD1-AB38-4DE8-8FE6-6A0C2B810FBC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{0C53005C-A0C4-43DF-8F34-BBA56B9585C9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{251BF11A-D176-4669-BDE8-365E14C7AC5E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A3176148-BD51-4728-BE9A-EC20634580ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9268AFA8-2EB5-44A0-9FF1-EC77C9EE33AB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{91692DC0-BF42-45CE-82A5-6E667F038C2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA225F5C-C571-418A-9132-30223D45C585}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{227DE642-B4A4-40DB-B65D-741AF59B20FE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{153D9351-68F9-4CE6-AE66-5419EB374260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{D1449E72-5288-4FF3-88B1-34F6AC527BFF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{05EBF720-9C08-4032-9F83-DDB35AB3D67E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{9374E55F-F31F-454E-8D92-4D68414A5ACB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BA76611A-53EA-4E98-9240-01D77C34D7E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{99A02CC2-82BE-412C-A87F-9BF1734CBBA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3B15EAD8-385E-494A-AA18-4BC07A5A4CF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4F1B455C-9093-4432-B67C-F5E6165332B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7D79BA0F-C6E8-4BE9-A9B9-59FC7A840A1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D5039C4B-81BD-44D3-AE1C-BEA2D5654F58}] => (Allow) C:\Users\Russel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{857BC084-B1C6-48CA-BACE-6E88411C7646}] => (Allow) C:\Users\Russel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6A2E693F-D023-4D96-8AEC-563C75366344}] => (Allow) C:\Users\Russel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8407CD85-998F-4FDE-BC29-F3B84A9A0721}] => (Allow) C:\Users\Russel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D92C6010-F95C-4163-9E67-5F458A19C9D2}] => (Allow) C:\Users\Russel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CB05A2F6-DEBC-4A34-AAE3-F4CFCC21E2ED}] => (Allow) C:\Users\Russel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{383A9193-98C5-4BBE-8A50-A905B32171AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{86353485-5E54-4175-9CC2-EA0B28ACCA33}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{4C9869B0-A798-4B59-883B-F87B2D856C2F}C:\users\russel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\russel\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ECED5AFA-B9EE-44D7-BD0A-712E53233E62}C:\users\russel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\russel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AEA83CD4-E058-4AF8-8D3E-09C073275EB1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F6A74DC9-4FD6-4F19-BAC4-C38939D52470}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52F40591-CE8F-433F-9F9D-39DC8E8F7C07}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D019D38-7D5B-4CB1-9187-DB61EF1EB33C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7C5729DE-4D8C-48C7-A16C-D5569B908B9D}] => (Allow) C:\Program Files (x86)\Capcom\MotoGP 08\Launcher.exe
FirewallRules: [{E32DD91B-13BB-467C-B462-D83D71D75D16}] => (Allow) C:\Program Files (x86)\Capcom\MotoGP 08\Launcher.exe
FirewallRules: [{2828DE0A-1F4D-4BFD-ABCC-46FCCA6A5BF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{BD4E149D-C9A1-47B8-AF08-A6E5862A4E9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8DA5B9A9-405A-4B5E-9B72-35A2BA859BB8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{129AC19D-F9AB-4824-B47C-3D512350C6A5}D:\games\motogp 15\motogp15x64.exe] => (Allow) D:\games\motogp 15\motogp15x64.exe
FirewallRules: [UDP Query User{843F28F5-ABF4-4499-A281-A87F9CB43E51}D:\games\motogp 15\motogp15x64.exe] => (Allow) D:\games\motogp 15\motogp15x64.exe
FirewallRules: [{40A9C7D4-45E9-436B-B91D-6A5E1008A1F5}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{77E4EE6A-795F-4756-9652-70722139B010}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{925B1898-50FE-40CD-911F-BB577C8E8D8F}D:\games\valentino rossi the game\motogpvr46.exe] => (Allow) D:\games\valentino rossi the game\motogpvr46.exe
FirewallRules: [UDP Query User{957FED21-2AEF-4B3E-A580-D81A2A854878}D:\games\valentino rossi the game\motogpvr46.exe] => (Allow) D:\games\valentino rossi the game\motogpvr46.exe
FirewallRules: [{061E1C34-2189-4C7C-BCD5-217122828152}] => (Block) D:\games\valentino rossi the game\motogpvr46.exe
FirewallRules: [{4165A591-719D-4701-ABB0-E65A6EE75AE1}] => (Block) D:\games\valentino rossi the game\motogpvr46.exe
FirewallRules: [TCP Query User{A2D3A2A7-4580-49F7-880B-74FFCAAA486E}D:\games\pro evolution soccer 2016\pes2016.exe] => (Allow) D:\games\pro evolution soccer 2016\pes2016.exe
FirewallRules: [UDP Query User{BCBDDC67-9B4E-45A2-8BCA-485A351C359B}D:\games\pro evolution soccer 2016\pes2016.exe] => (Allow) D:\games\pro evolution soccer 2016\pes2016.exe
FirewallRules: [TCP Query User{6650D62D-6C27-4403-9C8E-1494E5C2B754}C:\users\russel\downloads\utorrent.exe] => (Allow) C:\users\russel\downloads\utorrent.exe
FirewallRules: [UDP Query User{3520F5FE-87D6-486F-A8F8-5150F40DF5F5}C:\users\russel\downloads\utorrent.exe] => (Allow) C:\users\russel\downloads\utorrent.exe
FirewallRules: [{85C9B9F5-512C-4831-9B18-F29AC7A524F7}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{81A8D37B-CC80-4AA6-BDB9-B14B570ACE0E}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{B93454EF-E02D-4B62-B908-FE3758F75730}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{72B92FED-864E-40EE-A44F-8156B74C3D2B}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{B90063CF-55C1-4439-BF5B-BA2C52782981}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{32AFFE4C-19F2-4124-A7A5-9346E3125B32}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{4FE9E9A6-06A5-440D-AB4E-70E73C8CEDA1}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{686D244E-FF5A-4A24-A2DF-741926C18FFF}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{2AE0FEAE-C9D6-4C94-B236-5CA23A572CD1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{128CB9EA-05C8-4AD3-8C60-FCC33EE06E2D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0BED32DC-7BAF-4081-99AB-FCA087178391}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{C2C2FDF3-C8DC-441C-9861-31D15BE6A0E3}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [UDP Query User{6640536C-5E28-4CA0-B9A9-F07DCE1E266E}D:\games\assetto corsa\acs.exe] => (Allow) D:\games\assetto corsa\acs.exe
FirewallRules: [{179A1EEE-7BD2-41FA-8D29-E618AEE97ACB}] => (Allow) C:\Users\Russel\AppData\Local\Temp\is-R25RH.tmp\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{78FD0F71-4257-4F1B-801D-1F32590B546B}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe
FirewallRules: [UDP Query User{B3D21943-C02C-41F5-98FE-CCBF92B691F3}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe
FirewallRules: [TCP Query User{52C68DD1-4DB4-477D-8430-26E31243C2DB}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{B2040994-B61C-43C9-9161-C70A8481F90B}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [{65574CC1-5FF8-4BB6-ABED-3F44DC7FA297}] => (Allow) D:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{A08E2467-D4FA-4E61-8DB7-FCCE7CA2E8CB}] => (Allow) D:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{90FD48AD-FF61-4DC8-82C0-FAAC7D2D9D3C}] => (Allow) D:\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exe
FirewallRules: [{2F16B231-EFE4-45E9-958E-5807ED58B5F8}] => (Allow) D:\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exe
FirewallRules: [{850A86F2-A3E8-4AE9-9941-C101D40930B1}] => (Allow) D:\Steam\steamapps\common\Danganronpa 2 Goodbye Despair\Launcher.exe
FirewallRules: [{C1C05CB5-5C25-4341-B44F-F6D688F13701}] => (Allow) D:\Steam\steamapps\common\Danganronpa 2 Goodbye Despair\Launcher.exe
FirewallRules: [{54CCD9CA-BEDC-44B3-BC12-4E6A38B6FC5D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{C9EAC38F-55E4-41F5-B9FB-82676AC477C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{C3122AAB-1AE1-4263-BA27-4901364909A6}D:\downloads\anime\really professional files\games\playhome - flashbangz\playhome - flashbangz\playhome64bit.exe] => (Allow) D:\downloads\anime\really professional files\games\playhome - flashbangz\playhome - flashbangz\playhome64bit.exe
FirewallRules: [UDP Query User{E052C99F-0B4E-4C80-85DA-361CE7133204}D:\downloads\anime\really professional files\games\playhome - flashbangz\playhome - flashbangz\playhome64bit.exe] => (Allow) D:\downloads\anime\really professional files\games\playhome - flashbangz\playhome - flashbangz\playhome64bit.exe
FirewallRules: [{FC38DC57-16EC-432C-9765-361B3EFF0458}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{BFFD5FB2-455E-4758-B49A-E2608392708C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{21916212-206B-4CA2-9D8E-EF38526C4AF3}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C498478F-A810-463C-B257-F76868185AF7}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{E5241F43-747B-4695-9ABE-793974CA6B55}D:\games\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{8A963C68-53AE-4EF2-B79E-AF7EDB9B8D1D}D:\games\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{BAF0775A-D759-4666-AECC-D2FE0CD2EE35}] => (Allow) D:\Steam\steamapps\common\WWE 2K18\WWE2K18_x64.exe
FirewallRules: [{9156332B-A36E-4AD3-AF7C-5067F675E4D5}] => (Allow) D:\Steam\steamapps\common\WWE 2K18\WWE2K18_x64.exe
FirewallRules: [{F00EC9DD-9008-4858-9694-5AE6AC3A2A83}] => (Allow) D:\Games\Need for Speed Payback\NeedForSpeedPaybackTrial.exe
FirewallRules: [{D4671CF3-C4BA-465F-8108-E2BB3B24B41F}] => (Allow) D:\Games\Need for Speed Payback\NeedForSpeedPaybackTrial.exe
FirewallRules: [{2363C76D-2109-43F6-B313-073B2FFA9B3C}] => (Allow) D:\Games\Need for Speed Payback\NeedForSpeedPayback.exe
FirewallRules: [{D4F8952C-425C-4A8F-BA8C-232D24302A86}] => (Allow) D:\Games\Need for Speed Payback\NeedForSpeedPayback.exe
FirewallRules: [{E8787A18-F208-40A7-A513-A931ED1391AD}] => (Allow) D:\Steam\steamapps\common\Furi\Furi.exe
FirewallRules: [{B22BBD95-DA17-4814-8694-9A51435B852E}] => (Allow) D:\Steam\steamapps\common\Furi\Furi.exe
FirewallRules: [{7C795251-47D3-4D83-97BE-63424254CC06}] => (Allow) D:\Steam\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{2392B0A6-7688-4DDE-82AA-14C4D4CAAAF1}] => (Allow) D:\Steam\steamapps\common\Dead Cells\deadcells.exe
FirewallRules: [{6D4BEFF4-791B-42C7-AF71-D6DBBD7EE282}] => (Allow) D:\Steam\steamapps\common\Dead Cells\deadcells_gl.exe
FirewallRules: [{267D7D1D-C3E6-45DC-9D31-DF4D76210B52}] => (Allow) D:\Steam\steamapps\common\Dead Cells\deadcells_gl.exe
FirewallRules: [{53631B5E-2BF7-4024-91F5-4EC13A2BB289}] => (Allow) D:\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{D7CC46E9-A57A-4529-926B-364687A74222}] => (Allow) D:\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{0C12AE79-72FF-4405-83FF-C316AA14D342}] => (Allow) D:\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{09D12E05-E69D-420F-BCE5-7C9070D41BE2}] => (Allow) D:\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{7AA7051C-4237-401D-A97E-844E3B931F42}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{758F7B28-9CF7-4469-BB90-8330A4328905}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{ED39CBD8-C164-4CA7-A4E4-EEE7E247DD98}] => (Allow) C:\Users\Russel\AppData\Local\Go!\Application\go.exe
FirewallRules: [TCP Query User{5E392CB9-23BE-4966-91C9-543369BD8D3C}D:\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Allow) D:\steam\steamapps\common\terraria\tmodloaderserver.exe
FirewallRules: [UDP Query User{A9E6748C-AC2F-4C24-B425-14FCDF1E55A7}D:\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Allow) D:\steam\steamapps\common\terraria\tmodloaderserver.exe

==================== Herstelpunten =========================

AANDACHT: Systeemherstel is uitgeschakeld

==================== Defecte Apparaatbeheer Apparaten =============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (01/06/2018 06:40:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: 626195ba-a5b6-48f4-aca8-75c3917c928e
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: f14da85f-665d-4da8-afb8-bba006deb0fe
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: a78f5bcb-573f-47b2-9c1e-8a9020c39651
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: c326a679-5883-41ac-a174-d6b85fe9885f
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: 3348c08a-58cf-40b7-921e-1d0c2aea3c21
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: 49790ebf-d9f8-48bd-a3e1-c6c1cf203c97
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: 3d174329-9141-45b8-994a-a59a8d70f9a4
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: 65dee7cb-4483-4821-a6d4-a8f7d84c75ad
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: 48ea25b9-e7c6-41d1-8c8f-0e9826c0643e
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (01/06/2018 06:40:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 544222969.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e2d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x3004
Starttijd van toepassing met fout: 0x01d387155ca99cda
Pad naar toepassing met fout: C:\Users\Russel\AppData\Local\Temp\is-VAD0D.tmp\544222969.exe
Pad naar module met fout: unknown
Rapport-id: c20d56b4-b042-4242-ad76-4eb29f6b6fba
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:


Systeemfouten:
=============
Error: (01/06/2018 06:51:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (01/06/2018 06:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Origin Web Helper Service-service kan vanwege de volgende fout niet worden gestart:
De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

Error: (01/06/2018 06:37:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Origin Web Helper Service.

Error: (01/06/2018 06:36:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De USER_ESRV_SVC_QUEENCREEK-service is gestopt met de volgende foutcode:
%%497.

Error: (01/06/2018 06:36:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De GoogleChromeUpService-service kan vanwege de volgende fout niet worden gestart:
Toepassing GoogleChromeUpService kan niet worden uitgevoerd in Win32-modus.

Error: (01/06/2018 06:29:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (01/06/2018 06:14:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De SystemUsageReportSvc_QUEENCREEK-service kan vanwege de volgende fout niet worden gestart:
De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

Error: (01/06/2018 06:14:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: SystemUsageReportSvc_QUEENCREEK.

Error: (01/06/2018 06:14:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Origin Web Helper Service-service kan vanwege de volgende fout niet worden gestart:
De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

Error: (01/06/2018 06:14:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Origin Web Helper Service.


CodeIntegrity:
===================================
  Date: 2017-12-14 22:29:28.430
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:28.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:28.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:23.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:23.416
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:23.415
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:23.414
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:23.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:23.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-14 22:29:23.379
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.


==================== Geheugen info ===========================

Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage geheugen in gebruik: 42%
Totaal fysiek RAM-geheugen: 8097.91 MB
Beschikbaar fysiek RAM-geheugen: 4679.41 MB
Totaal Virtueel geheugen: 15265.91 MB
Beschikbaar Virtual geheugen: 11552.66 MB

==================== Schijven ================================

Drive c: (Acer) (Fixed) (Total:118.64 GB) (Free:9.88 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:58.36 GB) NTFS

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FA750D2D)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: FA750D3F)

Partition: GPT.

==================== Eind van Addition.txt ============================


Edited by Chris Cosgrove, 06 January 2018 - 05:14 PM.
Duplicated topic deleted.




#2 Oh My!



  • Malware Response Instructor

Posted 07 January 2018 - 06:57 PM

Greetings Rishimaru and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please right click on FRST64, select Rename, then rename the file to FRST64english. Perform another FRST scan and copy/paste the reports in your reply without using quotes.


Edited by Oh My!, 07 January 2018 - 06:59 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Rishimaru

Rishimaru
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Location:Haarlem
  • Local time:02:49 AM

Posted 07 January 2018 - 08:58 PM

Thanks for the reply, Gary!

And yes, you are welcome to call me by my first name. Everyone likes to call me Russel.

 

Apologies for the Dutch logs. Here are the English logs. Hope this'll do!

 

(I wasn't able to add the additions text to this reply, so I'll be adding them in as a file.)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Russel (administrator) on LAPTOP-77A4OP4C (08-01-2018 02:52:01)
Running from C:\Users\Russel\Downloads
Loaded Profiles: Russel (Available Profiles: Russel)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Antivirus\AVGSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Scarlet.Crush Productions) D:\Scp\ScpService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Framework\Common\avgsvca.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Thalonet, Inc. (dba Haste)) C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe
(Copyright 2017.) D:\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Antivirus\x64\aswidsagenta.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Antivirus\avgui.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\Framework\Common\avguix.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHeciSvc.exe
(Scarlet.Crush Productions) D:\Scp\ScpTrayApp.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Solvusoft Corporation) C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Spotify Ltd) C:\Users\Russel\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Russel\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Russel\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Russel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Russel\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Discord Inc.) C:\Users\Russel\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Russel\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Russel\AppData\Local\Discord\app-0.0.299\Discord.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClient.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClientUx.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClientUxRender.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\LeagueClientUxRender.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Russel\Downloads\FRST64English.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16484088 2016-08-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1430776 2016-08-05] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => D:\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => D:\AVG\Antivirus\AvLaunch.exe [302744 2017-10-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [629248 2015-11-13] ()
HKLM\...\Run: [ZAM] => D:\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-05] (Intel)
HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe [408576 2017-12-08] ()
HKLM-x32\...\Run: [CommonToolkitTray_Solvusoft] => C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe [1685144 2017-11-09] (Solvusoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Discord] => C:\Users\Russel\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Spotify] => C:\Users\Russel\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-22] (Spotify Ltd)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [EvolveClient] => D:\Evolve\EvolveClient.exe [3334528 2017-07-16] (Echobit LLC)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [GameCompanion] => C:\Users\Russel\AppData\Roaming\GameCompanion\GameCompanion.exe [484408 2013-10-13] ()
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\...\Run: [Spotify Web Helper] => C:\Users\Russel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-22] (Spotify Ltd)
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\launcher.scr [2371856 2017-12-08] ()
HKLM\...\Providers\llfxvnw0: C:\Program Files (x86)\Atterryanehuch Cloud\local64spl.dll <==== ATTENTION
SSODL: EldosMountNotificator-cbfs6 - {67822A3C-A329-4BA1-9677-82410B580572} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {67822A3C-A329-4BA1-9677-82410B580572} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2016-07-30]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> D:\Scp\ScpTrayApp.exe (Scarlet.Crush Productions)
Startup: C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-12-10]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Russel\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{280c41fa-fe00-48b0-ac16-c63b165c4dfd}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?rvt=1&pid=bcu
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://nl.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {08C346E6-7BC0-4359-BB00-87F426E879D3} URL =
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {E014A1F1-A814-4CEB-9927-0081210BB812} URL = hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: p2tadggk.default
FF ProfilePath: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\p2tadggk.default\Profiles\p2tadggk.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default [2018-01-08]
FF Homepage: Mozilla\Firefox\Profiles\p2tadggk.default -> google.nl/
FF NewTab: Mozilla\Firefox\Profiles\p2tadggk.default -> about:newtab
FF Extension: (BetterTTV) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\firefox@betterttv.net.xpi [2017-07-08]
FF Extension: (GaiaUpgrade) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\gaiaupgrade@gaiatools.com.xpi [2017-11-27]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\langpack-nl@firefox.mozilla.org.xpi [2017-08-17] [Legacy]
FF Extension: (Google Translator for Firefox) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\translator@zoli.bod.xpi [2017-02-02] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF SearchPlugin: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\searchplugins\google-avast.xml [2017-02-24]
FF Extension: (Amazon 1Button App for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb@amazon.com [2016-11-18] [Legacy] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nl@firefox.mozilla.org [2016-11-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1422434549-3426595971-112725785-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Russel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR NewTab: ChromeDefaultData ->  Active:"chrome-extension://lfgkmlldjpjacgicdjmmgcboihbghpal/visual-bookmarks.html"
CHR Profile: C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-01-04] <==== ATTENTION
CHR Extension: (Google Presentaties) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-27]
CHR Extension: (Google Documenten) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-27]
CHR Extension: (Google Drive) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-27]
CHR Extension: (YouTube) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-27]
CHR Extension: (Google Spreadsheets) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-27]
CHR Extension: (Offline Documenten) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Пульс) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lfgkmlldjpjacgicdjmmgcboihbghpal [2018-01-02]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-27]
CHR Extension: (Gmail) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-24]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AVG Antivirus; D:\AVG\Antivirus\AVGSvc.exe [282536 2017-10-21] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; D:\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-21] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; D:\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-29] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 Ds3Service; D:\Scp\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-05] (Intel)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-08-17] (EasyAntiCheat Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 EvoSvc; D:\Evolve\EvoSvc.exe [1583488 2017-07-16] (Echobit LLC)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-01-31] () [File not signed] <==== ATTENTION
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 HasteUEService; C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe [1583912 2017-08-03] (Thalonet, Inc. (dba Haste))
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155328 2017-12-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3025224 2017-12-19] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2017-10-17] (Popcorn Time) [File not signed]
S3 updater; D:\Scp\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-02-03] (Wacom Technology, Corp.)
R2 ZAMSvc; D:\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [314640 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-10-21] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-10-21] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [140192 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1022288 2017-10-28] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [579584 2017-10-21] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [193768 2017-10-21] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [355856 2017-10-21] (AVG Technologies CZ, s.r.o.)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-08-03] (/n software, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-08] (Disc Soft Ltd)
R3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-08-09] (Echobit, LLC)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-01-31] (REALiX™)
R3 IntcDMic; C:\WINDOWS\system32\DRIVERS\IntcDMic.sys [607344 2016-08-18] (Intel® Corporation)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2017-12-01] (hxxp://libusb-win32.sourceforge.net)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_d0cabc324ceaf0e9\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-05-27] (Synaptics Incorporated)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-08-03] (/n software, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R4 WinDivert1.2; C:\Program Files\Haste\Haste Esports Accelerator\WinDivert64.sys [39008 2017-08-03] (Basil)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-04] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-07 07:49 - 2018-01-07 07:49 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2018-01-07 05:01 - 2018-01-07 07:49 - 000000410 _____ C:\WINDOWS\Tasks\WinThruster64-Russel-Notification.job
2018-01-07 05:01 - 2018-01-07 07:49 - 000000402 _____ C:\WINDOWS\Tasks\WinThruster64-Russel-Startup.job
2018-01-07 05:01 - 2018-01-07 05:01 - 000003564 _____ C:\WINDOWS\System32\Tasks\WinThruster64-Russel-Notification
2018-01-07 05:01 - 2018-01-07 05:01 - 000002870 _____ C:\WINDOWS\System32\Tasks\WinThruster64-Russel-Startup
2018-01-07 05:01 - 2018-01-07 05:01 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Solvusoft
2018-01-07 05:01 - 2018-01-07 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
2018-01-07 05:01 - 2018-01-07 05:01 - 000000000 ____D C:\Program Files\Solvusoft
2018-01-07 05:01 - 2018-01-07 05:01 - 000000000 ____D C:\Program Files (x86)\Solvusoft
2018-01-07 05:00 - 2018-01-07 05:01 - 000000000 ____D C:\ProgramData\Solvusoft
2018-01-07 05:00 - 2018-01-07 05:00 - 023195976 _____ (Solvusoft Corporation) C:\Users\Russel\Downloads\Setup_WinThruster_2017.exe
2018-01-07 00:13 - 2018-01-07 02:20 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\uTorrent
2018-01-06 19:06 - 2018-01-08 02:44 - 000117568 _____ C:\Users\Russel\Downloads\Addition.txt
2018-01-06 19:05 - 2018-01-08 02:52 - 000033101 _____ C:\Users\Russel\Downloads\FRST.txt
2018-01-06 19:01 - 2018-01-08 02:52 - 000000000 ____D C:\FRST
2018-01-06 19:00 - 2018-01-06 19:01 - 002393088 _____ (Farbar) C:\Users\Russel\Downloads\FRST64English.exe
2018-01-06 18:46 - 2018-01-06 18:52 - 000191280 _____ C:\TDSSKiller.3.1.0.15_06.01.2018_18.46.18_log.txt
2018-01-06 18:46 - 2018-01-06 18:46 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Russel\Downloads\tdsskiller.exe
2018-01-06 18:36 - 2018-01-06 18:36 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2018-01-06 18:14 - 2018-01-06 18:14 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2018-01-06 18:13 - 2018-01-06 18:13 - 000000072 ___SH C:\bootTel.dat
2018-01-06 17:24 - 2018-01-06 17:24 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000020-000000.txt
2018-01-06 17:20 - 2018-01-06 17:20 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-01-06 17:19 - 2018-01-06 17:19 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-01-06 17:18 - 2018-01-06 17:19 - 038501592 _____ (EaseUS ) C:\Users\Russel\Downloads\epm.exe
2018-01-06 10:24 - 2018-01-06 10:24 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000019-000000.txt
2018-01-06 07:29 - 2018-01-06 07:29 - 000000689 _____ C:\Users\Public\Desktop\The Sims 4 x64.lnk
2018-01-05 21:28 - 2018-01-05 21:28 - 000362812 _____ C:\Users\Russel\Downloads\skse_1_07_03_installer(1).exe
2018-01-05 08:20 - 2018-01-05 08:20 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000018-000000.txt
2018-01-04 14:46 - 2018-01-04 14:46 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000017-000000.txt
2018-01-04 14:41 - 2018-01-08 02:52 - 000895281 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-04 14:41 - 2018-01-08 02:52 - 000192212 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-04 14:41 - 2018-01-04 14:41 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-04 14:41 - 2018-01-04 14:41 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-01-04 14:41 - 2018-01-04 14:41 - 000000000 ____D C:\Users\Russel\AppData\Local\Zemana
2018-01-04 14:41 - 2018-01-04 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-04 14:38 - 2018-01-04 14:38 - 006625600 _____ (Zemana Ltd. ) C:\Users\Russel\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-03 22:21 - 2018-01-03 22:21 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000016-000000.txt
2018-01-03 21:11 - 2018-01-03 21:11 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000015-000000.txt
2018-01-03 19:14 - 2018-01-03 19:15 - 038858285 _____ (LOOT Team ) C:\Users\Russel\Downloads\LOOT Installer.exe-1918-0-12-1.exe
2018-01-03 14:13 - 2018-01-03 14:17 - 000000000 ____D C:\Users\Russel\AppData\Local\Skyrim Special Edition
2018-01-03 14:06 - 2018-01-03 14:08 - 281540277 _____ C:\Users\Russel\Downloads\edcb92-ivpack.oiv
2018-01-03 02:38 - 2018-01-03 02:38 - 000000791 _____ C:\Users\Public\Desktop\The Elder Scrolls - Skyrim - Special Edition.lnk
2018-01-02 22:59 - 2018-01-02 22:59 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000014-000000.txt
2018-01-02 20:43 - 2018-01-02 20:43 - 000000000 ____D C:\Users\Russel\AppData\Local\Go!
2018-01-02 20:42 - 2018-01-08 02:13 - 000003398 _____ C:\WINDOWS\System32\Tasks\AOOcRuIHiAeIe
2018-01-02 20:42 - 2018-01-07 17:13 - 000003590 _____ C:\WINDOWS\System32\Tasks\yIpbU
2018-01-02 20:42 - 2018-01-02 20:42 - 000003708 _____ C:\WINDOWS\System32\Tasks\sUlOT
2018-01-02 20:42 - 2018-01-02 20:42 - 000000001 _____ C:\Users\Russel\AppData\Local\WMI.ini
2018-01-02 20:42 - 2017-09-29 14:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fRvyJE.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\FxUapOWu.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000001124 _____ C:\WINDOWS\whdAdYapy
2018-01-02 20:42 - 2017-09-29 14:42 - 000001016 _____ C:\WINDOWS\SysWOW64\YOIEiWOjba
2018-01-02 20:42 - 2017-09-29 14:42 - 000000050 _____ C:\Users\Russel\AppData\Local\YnETdiruisOTa
2018-01-01 02:59 - 2018-01-01 02:59 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000013-000000.txt
2017-12-30 03:53 - 2017-12-30 03:53 - 000000000 ____D C:\Users\Russel\AppData\Local\KADOKAWA
2017-12-29 16:43 - 2017-12-29 16:45 - 000000000 ____D C:\Users\Russel\Documents\GTA Underground User Files
2017-12-29 14:57 - 2017-12-29 14:57 - 004535544 _____ C:\Users\Russel\Downloads\621_Ride_2_V1.00_Tr.zips
2017-12-28 13:14 - 2017-12-28 13:14 - 000000000 ____D C:\Users\Russel\AppData\Local\modloader
2017-12-28 13:14 - 2017-12-28 13:14 - 000000000 ____D C:\ProgramData\modloader
2017-12-28 12:27 - 2017-12-28 12:27 - 000007857 _____ C:\WINDOWS\unins000.dat
2017-12-28 12:27 - 2017-12-28 12:26 - 001202415 _____ C:\WINDOWS\unins000.exe
2017-12-28 12:26 - 2017-12-28 12:26 - 000894691 _____ (Seemann, Deji, Alien ) C:\Users\Russel\Downloads\CLEO4_setup.exe
2017-12-28 00:35 - 2017-12-28 00:35 - 000000000 ____D C:\Users\Russel\AppData\Local\Project_RH2_Standard_Bulid
2017-12-27 12:44 - 2017-12-27 12:44 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000012-000000.txt
2017-12-27 10:31 - 2017-12-27 10:31 - 014383616 _____ C:\Users\Russel\Downloads\gta_sa.exe
2017-12-27 09:52 - 2017-12-27 09:52 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000011-000000.txt
2017-12-26 20:18 - 2017-12-26 20:51 - 000000000 ____D C:\Users\Russel\AppData\Roaming\trainerv
2017-12-26 12:19 - 2017-12-26 12:19 - 000000469 _____ C:\Users\Public\Desktop\DiRT 4.lnk
2017-12-26 11:04 - 2017-12-26 11:04 - 000000669 _____ C:\Users\Russel\Desktop\GTA San Andreas V1.lnk
2017-12-26 10:49 - 2017-12-26 10:51 - 000000000 ____D C:\Users\Russel\Downloads\patches
2017-12-26 10:41 - 2017-12-26 10:41 - 000548804 _____ C:\Users\Russel\Downloads\xdelta3_x86.exe
2017-12-26 10:40 - 2017-12-26 10:40 - 002084864 _____ (RockstarNexus) C:\Users\Russel\Downloads\latest.exe
2017-12-25 19:43 - 2017-12-25 19:43 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000010-000000.txt
2017-12-25 10:27 - 2017-12-25 10:27 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000009-000000.txt
2017-12-24 22:08 - 2017-12-24 22:08 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2017-12-24 15:07 - 2017-12-24 15:21 - 000003584 _____ C:\Users\Russel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-23 16:47 - 2017-12-23 16:47 - 000002424 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2017-12-22 14:54 - 2017-12-22 14:54 - 000000222 _____ C:\Users\Russel\Desktop\Hyperdimension Neptunia Re;Birth1.url
2017-12-22 14:19 - 2017-12-22 14:19 - 000000222 _____ C:\Users\Russel\Desktop\Crypt of the NecroDancer.url
2017-12-22 09:57 - 2017-12-22 09:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2017-12-22 09:57 - 2017-12-22 09:57 - 000000000 ____D C:\Program Files\Common Files\avg
2017-12-22 09:52 - 2018-01-07 17:21 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-22 09:49 - 2017-12-22 09:49 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2017-12-21 22:22 - 2017-12-21 22:22 - 000000222 _____ C:\Users\Russel\Desktop\Dead Cells.url
2017-12-21 22:21 - 2017-12-21 22:21 - 000000222 _____ C:\Users\Russel\Desktop\Furi.url
2017-12-20 04:11 - 2017-12-20 04:12 - 281540223 _____ C:\Users\Russel\Downloads\822dfd-ivpack.oiv
2017-12-19 02:40 - 2017-12-19 02:40 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2017-12-19 02:38 - 2017-12-19 02:38 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2017-12-19 02:12 - 2017-12-19 02:12 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\YamanekoSoft
2017-12-19 01:52 - 2017-12-19 01:52 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2017-12-19 01:47 - 2017-12-19 01:49 - 000001008 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2017-12-19 01:47 - 2017-12-19 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-12-19 01:44 - 2017-12-19 01:45 - 215576728 _____ (Rockstar Games) C:\Users\Russel\Downloads\GTAV_Setup_Tool(1).exe
2017-12-19 01:42 - 2017-12-19 01:42 - 019981008 _____ (Rockstar Games.) C:\Users\Russel\Downloads\GTA_V_Launcher_1_0_1290_2.exe
2017-12-17 04:32 - 2017-12-17 04:32 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\DefaultCompany
2017-12-16 21:10 - 2017-12-16 21:10 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2017-12-16 21:08 - 2017-12-16 21:08 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2017-12-16 08:23 - 2017-12-16 08:23 - 000000000 ____D C:\Users\Russel\AppData\Local\Ruiner
2017-12-16 02:20 - 2017-12-16 02:20 - 000000222 _____ C:\Users\Russel\Desktop\WWE 2K18.url
2017-12-14 20:26 - 2017-12-14 20:26 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2017-12-13 19:07 - 2017-12-08 07:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 19:07 - 2017-12-08 00:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 19:07 - 2017-12-08 00:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 19:07 - 2017-12-08 00:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-13 19:07 - 2017-12-08 00:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 19:07 - 2017-12-08 00:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-13 19:07 - 2017-12-08 00:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-13 19:07 - 2017-12-08 00:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:07 - 2017-12-08 00:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-13 19:07 - 2017-12-08 00:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-13 19:07 - 2017-12-08 00:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 19:07 - 2017-12-08 00:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-13 19:07 - 2017-12-08 00:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-13 19:07 - 2017-12-08 00:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 19:07 - 2017-12-08 00:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-13 19:07 - 2017-12-08 00:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-13 19:07 - 2017-12-07 23:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-13 19:07 - 2017-12-07 23:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-13 19:07 - 2017-12-07 23:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 19:07 - 2017-12-07 23:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-13 19:07 - 2017-12-07 23:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-13 19:07 - 2017-12-07 23:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-13 19:07 - 2017-12-07 23:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-13 19:07 - 2017-12-07 23:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:07 - 2017-12-07 23:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 19:07 - 2017-12-07 23:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 19:07 - 2017-12-07 23:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 19:07 - 2017-12-07 23:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 19:07 - 2017-12-07 23:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 19:07 - 2017-12-07 23:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 19:07 - 2017-12-07 23:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 19:07 - 2017-12-07 23:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 19:07 - 2017-12-07 23:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 19:07 - 2017-12-07 23:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 19:07 - 2017-12-07 23:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 19:07 - 2017-12-07 23:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 19:07 - 2017-12-07 23:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 19:07 - 2017-12-07 23:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 19:07 - 2017-12-07 23:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 19:07 - 2017-12-07 23:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 19:07 - 2017-12-07 23:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 19:07 - 2017-12-07 23:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-13 19:07 - 2017-12-07 22:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 19:07 - 2017-12-07 22:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 19:07 - 2017-12-07 22:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 19:07 - 2017-12-07 22:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-13 19:07 - 2017-12-07 22:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 19:07 - 2017-12-07 22:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 19:07 - 2017-12-07 22:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-13 19:07 - 2017-12-07 22:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-13 19:07 - 2017-11-26 21:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-13 19:07 - 2017-11-26 21:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-13 19:07 - 2017-11-26 21:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 19:07 - 2017-11-26 17:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 19:07 - 2017-11-26 14:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 19:07 - 2017-11-26 14:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 19:07 - 2017-11-26 14:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 19:07 - 2017-11-26 14:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 19:07 - 2017-11-26 14:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-13 19:07 - 2017-11-26 14:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 19:07 - 2017-11-26 14:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 19:07 - 2017-11-26 14:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 19:07 - 2017-11-26 14:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 19:07 - 2017-11-26 14:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 19:07 - 2017-11-26 14:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 19:07 - 2017-11-26 14:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-13 19:07 - 2017-11-26 13:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 19:07 - 2017-11-26 13:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 19:07 - 2017-11-26 13:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 19:07 - 2017-11-26 13:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 19:07 - 2017-11-26 13:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 19:07 - 2017-11-26 13:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 19:07 - 2017-11-26 13:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 19:07 - 2017-11-26 13:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 19:07 - 2017-11-26 13:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 19:07 - 2017-11-26 13:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 19:07 - 2017-11-26 12:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-13 19:07 - 2017-11-26 12:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-13 19:07 - 2017-11-26 12:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-13 19:07 - 2017-11-26 12:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 19:07 - 2017-11-26 12:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 19:07 - 2017-11-26 11:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-13 19:07 - 2017-11-26 11:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-13 19:07 - 2017-11-26 11:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-13 19:07 - 2017-11-26 11:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 19:07 - 2017-11-26 11:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 19:07 - 2017-11-19 08:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 19:07 - 2017-11-19 03:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-13 19:06 - 2017-12-08 00:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 19:06 - 2017-12-08 00:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2017-12-13 19:06 - 2017-12-08 00:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-13 19:06 - 2017-12-08 00:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 19:06 - 2017-12-08 00:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 19:06 - 2017-12-08 00:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 19:06 - 2017-12-08 00:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 19:06 - 2017-12-08 00:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 19:06 - 2017-12-08 00:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 19:06 - 2017-12-08 00:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 19:06 - 2017-12-08 00:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-13 19:06 - 2017-12-08 00:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 19:06 - 2017-12-08 00:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 19:06 - 2017-12-08 00:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-13 19:06 - 2017-12-08 00:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 19:06 - 2017-12-08 00:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-12-13 19:06 - 2017-12-07 23:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 19:06 - 2017-12-07 23:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 19:06 - 2017-12-07 23:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 19:06 - 2017-12-07 23:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 19:06 - 2017-12-07 23:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-13 19:06 - 2017-12-07 23:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 19:06 - 2017-12-07 23:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 19:06 - 2017-12-07 23:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 19:06 - 2017-12-07 23:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 19:06 - 2017-12-07 23:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-13 19:06 - 2017-12-07 23:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2017-12-13 19:06 - 2017-12-07 23:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-12-13 19:06 - 2017-12-07 23:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 19:06 - 2017-12-07 23:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 19:06 - 2017-12-07 23:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 19:06 - 2017-12-07 23:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 19:06 - 2017-12-07 23:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 19:06 - 2017-12-07 23:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 19:06 - 2017-12-07 23:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 19:06 - 2017-12-07 23:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 19:06 - 2017-12-07 23:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-12-13 19:06 - 2017-12-07 23:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 19:06 - 2017-12-07 23:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 19:06 - 2017-12-07 23:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 19:06 - 2017-12-07 23:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-13 19:06 - 2017-12-07 23:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 19:06 - 2017-12-07 23:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 19:06 - 2017-12-07 23:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 19:06 - 2017-12-07 23:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 19:06 - 2017-12-07 23:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 19:06 - 2017-12-07 23:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:06 - 2017-12-07 23:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-12-13 19:06 - 2017-12-07 23:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 19:06 - 2017-12-07 23:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 19:06 - 2017-12-07 23:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 19:06 - 2017-12-07 22:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 19:06 - 2017-12-07 22:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 19:06 - 2017-12-07 22:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-12-13 19:06 - 2017-12-07 22:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 19:06 - 2017-12-07 22:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 19:06 - 2017-12-07 22:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 19:06 - 2017-12-07 22:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 19:06 - 2017-12-07 22:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-12-13 19:06 - 2017-12-07 22:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 19:06 - 2017-12-07 22:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-12-13 19:06 - 2017-11-26 14:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 19:06 - 2017-11-26 14:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-13 19:06 - 2017-11-26 14:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 19:06 - 2017-11-26 14:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 19:06 - 2017-11-26 14:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-13 19:06 - 2017-11-26 14:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-13 19:06 - 2017-11-26 14:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-13 19:06 - 2017-11-26 14:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-13 19:06 - 2017-11-26 14:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-13 19:06 - 2017-11-26 14:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-13 19:06 - 2017-11-26 14:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-13 19:06 - 2017-11-26 14:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 19:06 - 2017-11-26 14:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 19:06 - 2017-11-26 14:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 19:06 - 2017-11-26 14:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 19:06 - 2017-11-26 14:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 19:06 - 2017-11-26 14:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 19:06 - 2017-11-26 14:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 19:06 - 2017-11-26 14:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-13 19:06 - 2017-11-26 14:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 19:06 - 2017-11-26 14:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 19:06 - 2017-11-26 14:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 19:06 - 2017-11-26 14:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 19:06 - 2017-11-26 14:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-13 19:06 - 2017-11-26 14:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 19:06 - 2017-11-26 14:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 19:06 - 2017-11-26 14:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 19:06 - 2017-11-26 14:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-13 19:06 - 2017-11-26 14:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 19:06 - 2017-11-26 14:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 19:06 - 2017-11-26 14:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 19:06 - 2017-11-26 14:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 19:06 - 2017-11-26 14:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 19:06 - 2017-11-26 14:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-13 19:06 - 2017-11-26 14:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-13 19:06 - 2017-11-26 13:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 19:06 - 2017-11-26 13:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 19:06 - 2017-11-26 13:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 19:06 - 2017-11-26 13:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 19:06 - 2017-11-26 13:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 19:06 - 2017-11-26 13:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 19:06 - 2017-11-26 13:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 19:06 - 2017-11-26 13:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 19:06 - 2017-11-26 13:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 19:06 - 2017-11-26 13:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 19:06 - 2017-11-26 13:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 19:06 - 2017-11-26 13:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 19:06 - 2017-11-26 13:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 19:06 - 2017-11-26 13:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 19:06 - 2017-11-26 13:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-13 19:06 - 2017-11-26 13:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 19:06 - 2017-11-26 13:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-13 19:06 - 2017-11-26 13:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 19:06 - 2017-11-26 13:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-13 19:06 - 2017-11-26 13:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 19:06 - 2017-11-26 13:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 19:06 - 2017-11-26 13:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 19:06 - 2017-11-26 13:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 19:06 - 2017-11-26 13:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 19:06 - 2017-11-26 13:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 19:06 - 2017-11-26 13:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 19:06 - 2017-11-26 13:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-13 19:06 - 2017-11-26 13:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-13 19:06 - 2017-11-26 13:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 19:06 - 2017-11-26 13:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 19:06 - 2017-11-26 13:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 19:06 - 2017-11-26 13:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 19:06 - 2017-11-26 13:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-13 19:06 - 2017-11-26 13:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 19:06 - 2017-11-26 13:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 19:06 - 2017-11-26 13:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 19:06 - 2017-11-26 13:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 19:06 - 2017-11-26 13:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 19:06 - 2017-11-26 13:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 19:06 - 2017-11-26 12:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 19:06 - 2017-11-26 12:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 19:06 - 2017-11-26 12:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 19:06 - 2017-11-26 12:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 19:06 - 2017-11-26 12:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 19:06 - 2017-11-26 12:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-13 19:06 - 2017-11-26 12:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-13 19:06 - 2017-11-26 12:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-13 19:06 - 2017-11-26 12:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-13 19:06 - 2017-11-26 12:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 19:06 - 2017-11-26 12:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-13 19:06 - 2017-11-26 12:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-13 19:06 - 2017-11-26 12:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-13 19:06 - 2017-11-26 11:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 19:06 - 2017-11-26 11:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-13 19:06 - 2017-11-26 11:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-13 19:06 - 2017-11-26 11:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-13 19:06 - 2017-11-26 11:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-13 19:06 - 2017-11-26 11:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-13 19:06 - 2017-11-26 11:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-13 19:06 - 2017-11-26 11:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-13 19:06 - 2017-11-26 11:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-13 19:06 - 2017-11-26 11:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-13 19:06 - 2017-11-26 11:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-13 19:06 - 2017-11-26 11:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-13 19:06 - 2017-11-26 11:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-13 19:06 - 2017-11-26 11:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-13 19:06 - 2017-11-26 11:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-13 19:06 - 2017-11-26 11:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-13 19:06 - 2017-11-26 11:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-13 19:06 - 2017-11-26 11:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-13 19:06 - 2017-11-26 11:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-13 19:06 - 2017-11-26 11:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-13 19:06 - 2017-11-26 11:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-13 19:06 - 2017-11-26 11:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-13 19:06 - 2017-11-26 11:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-12 01:47 - 2017-12-12 01:47 - 000000000 ____D C:\Users\Russel\Downloads\PopcornTime
2017-12-12 01:47 - 2017-12-12 01:47 - 000000000 ____D C:\Users\Russel\AppData\Local\PopcornTime
2017-12-12 01:46 - 2017-12-12 01:57 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
2017-12-12 01:45 - 2017-12-12 01:46 - 052289552 _____ (Popcorn Time ) C:\Users\Russel\Downloads\PopcornTime-latest.exe
2017-12-11 06:40 - 2017-12-11 06:42 - 346613007 _____ C:\Users\Russel\Downloads\e4c3f8-Rims_Install2.4b.oiv
2017-12-11 01:23 - 2017-12-11 01:23 - 263377831 _____ C:\Users\Russel\Downloads\L.A Vegetation.oiv
2017-12-10 16:14 - 2018-01-07 17:31 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2017-12-10 16:14 - 2017-12-10 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2017-12-10 16:13 - 2017-12-10 16:17 - 000002524 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-12-10 16:13 - 2017-12-10 16:13 - 009119336 _____ (Intel) C:\Users\Russel\Downloads\Intel Driver and Support Assistant Installer(1).exe
2017-12-10 16:13 - 2017-12-10 16:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-12-10 16:05 - 2017-12-10 16:13 - 000000000 ____D C:\Program Files\Intel Driver and Support Assistant
2017-12-10 16:04 - 2017-12-10 16:04 - 009119336 _____ (Intel) C:\Users\Russel\Downloads\Intel Driver and Support Assistant Installer.exe
2017-12-10 02:13 - 2017-12-10 02:13 - 000001132 _____ C:\Users\Russel\Desktop\MEGAsync.lnk
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\MEGA
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\Users\Russel\Documents\MEGA
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-12-10 02:13 - 2017-12-10 02:13 - 000000000 ____D C:\Users\Russel\AppData\Local\MEGAsync
2017-12-10 02:12 - 2017-12-10 02:12 - 014976440 _____ (MEGA Limited) C:\Users\Russel\Downloads\MEGAsyncSetup(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-08 02:39 - 2016-06-08 19:17 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-08 02:38 - 2016-06-06 22:17 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Spotify
2018-01-08 02:15 - 2016-06-08 20:57 - 000000000 ____D C:\Users\Russel\AppData\Local\CrashDumps
2018-01-08 02:00 - 2016-06-08 01:08 - 000000000 ____D C:\Users\Russel\AppData\Local\Adobe
2018-01-08 01:06 - 2016-11-19 02:37 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\Mozilla
2018-01-08 00:03 - 2016-06-06 22:20 - 000000000 ____D C:\Users\Russel\AppData\Local\Spotify
2018-01-07 18:04 - 2017-12-01 15:14 - 000003628 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-01-07 17:47 - 2017-12-01 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-07 17:47 - 2016-11-17 08:54 - 000000000 ____D C:\Users\Russel\AppData\Roaming\discord
2018-01-07 17:17 - 2017-12-01 15:19 - 002662844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-07 17:17 - 2017-09-30 15:32 - 001236382 _____ C:\WINDOWS\system32\perfh013.dat
2018-01-07 17:17 - 2017-09-30 15:32 - 000285110 _____ C:\WINDOWS\system32\perfc013.dat
2018-01-07 17:11 - 2017-07-09 09:30 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-07 17:10 - 2017-12-01 15:09 - 000000000 ____D C:\Users\Russel
2018-01-07 17:10 - 2016-06-06 20:45 - 000000000 __SHD C:\Users\Russel\IntelGraphicsProfiles
2018-01-07 07:49 - 2017-12-01 15:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-07 07:49 - 2017-12-01 15:07 - 000664168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-07 05:54 - 2017-12-01 15:14 - 000004200 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{544BB1BF-DDE1-4AFE-B7D8-3924D260FC9F}
2018-01-07 05:30 - 2016-06-15 00:49 - 000000000 ____D C:\Users\Russel\AppData\Roaming\vlc
2018-01-07 02:20 - 2016-06-06 21:09 - 000000000 ____D C:\Users\Russel\AppData\Roaming\uTorrent
2018-01-06 19:49 - 2017-08-04 20:45 - 000000000 ____D C:\Users\Russel\AppData\Local\LogMeIn Hamachi
2018-01-06 18:36 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-06 18:24 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-06 16:40 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-06 16:36 - 2017-12-01 15:14 - 000004242 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-01-06 02:28 - 2017-06-12 06:00 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Origin
2018-01-06 02:28 - 2016-06-13 20:23 - 000000000 ____D C:\ProgramData\Origin
2018-01-05 15:49 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-05 15:48 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-05 01:28 - 2017-03-18 16:40 - 000000000 ____D C:\Users\Russel\Documents\RIDE 2 PORTFOLIO
2018-01-04 22:26 - 2016-10-31 16:46 - 000000000 ____D C:\Users\Russel\Documents\Parallel
2018-01-04 14:34 - 2017-12-04 18:15 - 000000000 ____D C:\Users\Russel\AppData\Roaming\PlaysTV
2018-01-03 21:48 - 2017-09-29 00:13 - 000000000 ____D C:\Users\Russel\Documents\Screenshots
2018-01-03 19:23 - 2017-10-31 22:25 - 000000000 ____D C:\Users\Russel\AppData\Local\LOOT
2018-01-03 19:16 - 2017-10-31 22:25 - 000000545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2018-01-03 17:05 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-03 16:25 - 2017-09-27 19:53 - 000000000 ____D C:\Users\Russel\Documents\Nexus Mod Manager
2018-01-03 14:13 - 2016-06-07 19:01 - 000000000 ____D C:\Users\Russel\Documents\My Games
2018-01-02 22:59 - 2016-07-20 01:57 - 000000000 ____D C:\Users\Russel\AppData\Local\Unity
2018-01-02 20:44 - 2017-01-31 08:16 - 000000000 ____D C:\Program Files (x86)\Atigpydecick
2018-01-02 20:43 - 2016-07-20 01:57 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\Unity
2018-01-02 20:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-02 20:42 - 2016-06-12 21:41 - 000000262 __RSH C:\ProgramData\ntuser.pol
2018-01-02 04:18 - 2017-05-08 06:02 - 000000000 ____D C:\Users\Russel\AppData\Roaming\obs-studio
2017-12-31 23:29 - 2017-12-03 12:21 - 000001456 _____ C:\Users\Russel\AppData\Local\Adobe Opslaan voor web 13.0 Prefs
2017-12-30 00:30 - 2016-06-11 20:31 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Skype
2017-12-28 13:17 - 2016-06-12 12:59 - 000000000 ____D C:\Users\Russel\Documents\GTA San Andreas User Files
2017-12-27 00:04 - 2017-12-01 15:14 - 000003548 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-12-27 00:04 - 2017-12-01 15:14 - 000003412 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-12-27 00:04 - 2016-06-14 19:46 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-12-25 22:24 - 2016-06-08 19:23 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-22 09:52 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-22 09:49 - 2017-07-09 09:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-21 05:27 - 2017-06-12 06:00 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-19 07:01 - 2017-07-09 09:30 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-19 07:00 - 2017-12-01 15:14 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-12-01 15:14 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-19 07:00 - 2017-07-09 09:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-19 01:54 - 2016-07-09 14:31 - 000000000 ____D C:\Users\Russel\Documents\Rockstar Games
2017-12-19 01:54 - 2016-07-09 14:31 - 000000000 ____D C:\Users\Russel\AppData\Local\Rockstar Games
2017-12-18 06:27 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-16 08:23 - 2017-09-07 20:31 - 000000000 ____D C:\Users\Russel\AppData\Local\UnrealEngine
2017-12-15 16:07 - 2017-05-15 08:15 - 000000000 ____D C:\Users\Russel\Downloads\Telegram Desktop
2017-12-15 16:07 - 2016-10-26 12:23 - 000000000 ____D C:\Users\Russel\AppData\Roaming\Telegram Desktop
2017-12-14 23:43 - 2017-12-05 02:10 - 000000000 ____D C:\Users\Russel\AppData\Local\LolScreenSaver
2017-12-14 20:27 - 2017-12-01 15:27 - 000000000 ___RD C:\Users\Russel\3D Objects
2017-12-14 20:27 - 2016-04-27 07:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-14 20:25 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2017-12-14 20:25 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-14 16:36 - 2017-12-01 15:09 - 000000000 ____D C:\Users\Russel\AppData\Local\Packages
2017-12-13 19:12 - 2016-06-07 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 19:10 - 2017-10-11 15:46 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 19:10 - 2016-06-07 19:40 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 19:08 - 2017-09-29 14:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-12-13 19:08 - 2017-09-29 14:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-12-13 19:08 - 2017-09-29 14:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-12-13 19:08 - 2017-09-29 14:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-12-13 10:57 - 2016-06-13 15:30 - 000000034 _____ C:\Users\Russel\AppData\Roaming\AdobeWLCMCache.dat
2017-12-13 07:21 - 2017-12-07 21:06 - 000001822 _____ C:\Users\Russel\Desktop\League Displays.lnk
2017-12-13 07:21 - 2016-06-07 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-12-12 22:41 - 2017-12-01 15:14 - 000004496 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-12 22:41 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 22:41 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 18:11 - 2017-08-21 18:35 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-12 18:11 - 2017-08-21 18:35 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-12 01:25 - 2016-07-27 05:49 - 000000000 ____D C:\Users\Russel\AppData\Local\Rockstar_Games
2017-12-12 00:02 - 2016-11-17 08:54 - 000000000 ____D C:\Users\Russel\AppData\Local\Discord
2017-12-11 02:12 - 2017-12-01 15:14 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1422434549-3426595971-112725785-1001
2017-12-11 02:12 - 2016-06-06 20:47 - 000002390 _____ C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-11 02:12 - 2016-06-06 20:47 - 000000000 ___RD C:\Users\Russel\OneDrive
2017-12-10 19:03 - 2017-06-19 18:13 - 000000000 ____D C:\Users\Russel\AppData\Roaming\BetterDiscord
2017-12-10 19:00 - 2017-11-30 09:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-10 16:13 - 2017-07-09 09:30 - 000000000 ____D C:\Program Files\Intel
2017-12-10 16:13 - 2015-11-18 05:36 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-10 16:06 - 2016-06-20 22:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-12-10 16:06 - 2015-11-18 05:37 - 000000000 ____D C:\ProgramData\Intel
2017-12-09 02:33 - 2016-07-27 04:54 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-01-31 08:13 - 2017-01-31 08:34 - 001620992 _____ () C:\ProgramData\service.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\FxUapOWu.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000000060 _____ () C:\Program Files (x86)\Common Files\oAaOtulaOL
2017-09-29 14:42 - 2017-09-29 14:42 - 000000060 _____ () C:\Program Files (x86)\Common Files\oAaOtulaOL.bat
2016-06-13 15:30 - 2017-12-13 10:57 - 000000034 _____ () C:\Users\Russel\AppData\Roaming\AdobeWLCMCache.dat
2017-11-28 15:18 - 2017-11-28 15:19 - 000000600 _____ () C:\Users\Russel\AppData\Roaming\winscp.rnd
2017-12-03 12:21 - 2017-12-31 23:29 - 000001456 _____ () C:\Users\Russel\AppData\Local\Adobe Opslaan voor web 13.0 Prefs
2017-12-24 15:07 - 2017-12-24 15:21 - 000003584 _____ () C:\Users\Russel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-09 15:45 - 2016-07-09 15:45 - 000000094 _____ () C:\Users\Russel\AppData\Local\fusioncache.dat
2016-09-14 12:27 - 2016-09-14 13:12 - 000000600 _____ () C:\Users\Russel\AppData\Local\PUTTY.RND
2018-01-02 20:42 - 2018-01-02 20:42 - 000000001 _____ () C:\Users\Russel\AppData\Local\WMI.ini
2018-01-02 20:42 - 2017-09-29 14:42 - 000000050 _____ () C:\Users\Russel\AppData\Local\YnETdiruisOTa
2017-09-29 14:42 - 2017-09-29 14:42 - 000000050 _____ () C:\Users\Russel\AppData\Local\YnETdiruisOTa.bat

Some files in TEMP:
====================
2018-01-06 00:39 - 2018-01-06 00:39 - 000388425 _____ (                                                            ) C:\Users\Russel\AppData\Local\Temp\231174032.exe
2018-01-03 19:59 - 2018-01-03 19:59 - 000388407 _____ (                                                            ) C:\Users\Russel\AppData\Local\Temp\271394290.exe
2018-01-02 20:41 - 2018-01-02 20:42 - 002575544 _____ () C:\Users\Russel\AppData\Local\Temp\3qrdzowerr.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-01 11:08

==================== End of FRST.txt ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 08 January 2018 - 10:39 AM

Greetings Russel.

Your computer is highly infected so I want to be aggressive from the start. There are a number of suspicious entries I have included in my list of things to be removed. I would request you review the list and if there appears to be something legitimate that is listed please stop and let me know. We can modify the list.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.
  • Please download and install Revo Uninstaller Free
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
WinThruster
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • When prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, then Finish
  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Providers\llfxvnw0: C:\Program Files (x86)\Atterryanehuch Cloud\local64spl.dll 
C:\Program Files (x86)\Atterryanehuch Cloud
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {08C346E6-7BC0-4359-BB00-87F426E879D3} URL =
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKU\S-1-5-21-1422434549-3426595971-112725785-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
FF ProfilePath: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\p2tadggk.default\Profiles\p2tadggk.default
CHR Profile: C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Пульс) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lfgkmlldjpjacgicdjmmgcboihbghpal [2018-01-02]
CHR HKLM-x32\...\Chrome\Extension: [lfgkmlldjpjacgicdjmmgcboihbghpal] - hxxps://clients2.google.com/service/update2/crx
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-01-31] () [File not signed]
C:\ProgramData\service.exe
C:\WINDOWS\system32\default_error_stack*.txt
2018-01-06 18:13 - 2018-01-06 18:13 - 000000072 ___SH C:\bootTel.dat
2018-01-02 20:42 - 2018-01-08 02:13 - 000003398 _____ C:\WINDOWS\System32\Tasks\AOOcRuIHiAeIe
2018-01-02 20:42 - 2018-01-07 17:13 - 000003590 _____ C:\WINDOWS\System32\Tasks\yIpbU
2018-01-02 20:42 - 2018-01-02 20:42 - 000003708 _____ C:\WINDOWS\System32\Tasks\sUlOT
2018-01-02 20:42 - 2018-01-02 20:42 - 000000001 _____ C:\Users\Russel\AppData\Local\WMI.ini
2018-01-02 20:42 - 2017-09-29 14:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fRvyJE.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\FxUapOWu.exe
2018-01-02 20:42 - 2017-09-29 14:42 - 000001124 _____ C:\WINDOWS\whdAdYapy
2018-01-02 20:42 - 2017-09-29 14:42 - 000001016 _____ C:\WINDOWS\SysWOW64\YOIEiWOjba
2018-01-02 20:42 - 2017-09-29 14:42 - 000000050 _____ C:\Users\Russel\AppData\Local\YnETdiruisOTa
2018-01-02 20:43 - 2018-01-02 20:43 - 000000000 ____D C:\Users\Russel\AppData\Local\Go!
2017-12-30 03:53 - 2017-12-30 03:53 - 000000000 ____D C:\Users\Russel\AppData\Local\KADOKAWA
2017-12-26 20:18 - 2017-12-26 20:51 - 000000000 ____D C:\Users\Russel\AppData\Roaming\trainerv
2017-12-17 04:32 - 2017-12-17 04:32 - 000000000 ____D C:\Users\Russel\AppData\LocalLow\DefaultCompany
2018-01-03 19:23 - 2017-10-31 22:25 - 000000000 ____D C:\Users\Russel\AppData\Local\LOOT
2018-01-02 20:44 - 2017-01-31 08:16 - 000000000 ____D C:\Program Files (x86)\Atigpydecick
2018-01-02 20:42 - 2017-09-29 14:42 - 000000060 _____ () C:\Program Files (x86)\Common Files\oAaOtulaOL
2017-09-29 14:42 - 2017-09-29 14:42 - 000000060 _____ () C:\Program Files (x86)\Common Files\oAaOtulaOL.bat
2018-01-02 20:42 - 2018-01-02 20:42 - 000000001 _____ () C:\Users\Russel\AppData\Local\WMI.ini
2018-01-02 20:42 - 2017-09-29 14:42 - 000000050 _____ () C:\Users\Russel\AppData\Local\YnETdiruisOTa
2017-09-29 14:42 - 2017-09-29 14:42 - 000000050 _____ () C:\Users\Russel\AppData\Local\YnETdiruisOTa.bat
2018-01-06 00:39 - 2018-01-06 00:39 - 000388425 _____ (                                                            ) C:\Users\Russel\AppData\Local\Temp\231174032.exe
2018-01-03 19:59 - 2018-01-03 19:59 - 000388407 _____ (                                                            ) C:\Users\Russel\AppData\Local\Temp\271394290.exe
2018-01-02 20:41 - 2018-01-02 20:42 - 002575544 _____ () C:\Users\Russel\AppData\Local\Temp\3qrdzowerr.exe
CustomCLSID: HKU\S-1-5-21-1422434549-3426595971-112725785-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0982A78FF6A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll
ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}
ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}
ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}
Task: {16477E6B-3444-4F6B-B935-C1C62EF82488} - \MailRuUpdater
Task: {1F678FA9-6209-4515-B672-8EAF5D8596A6} - \Microsoft\Windows\UNP\RunCampaignManager
Task: {21BB92C2-5E35-4A70-84DD-37594EAAE8E1} - System32\Tasks\yIpbU => C:\Program Files (x86)\Common Files\oAaOtulaOL.bat [2017-09-29] () 
Task: {404D0674-23C9-4158-853F-8F3E569C0FE4} - System32\Tasks\GetNetworkInfo => C:\Users\Russel\AppData\Local\Temp\setdebug.exe 
Task: {62AE8127-0493-4A97-834A-768C81CD636D} - System32\Tasks\bvyvbvyf => C:\Users\Russel\AppData\Local\bvyvbvyf\bvyvbvyf.exe 
Task: {938B8D92-323A-42EA-B185-F6BEAAF2CACA} - System32\Tasks\sUlOT => C:\Program Files (x86)\FxUapOWu.exe [2017-09-29] (Microsoft Corporation) 
C:\Program Files (x86)\FxUapOWu.exe
Task: {9C077902-D391-4171-BB55-03BCCD54FD6B} - System32\Tasks\{E7C8E835-361A-4814-9145-84B19CC22FC2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\tbTecB2ldn\uninstall.exe"
C:\Program Files (x86)\tbTecB2ldn
Task: {E513C0C3-9C79-4458-A6D2-994F30C568B0} - System32\Tasks\AOOcRuIHiAeIe => C:\Users\Russel\AppData\Local\YnETdiruisOTa.bat [2017-09-29] () 
C:\Users\Russel\AppData\Local\Temp\is-U4HAS.tmp
C:\Users\Russel\AppData\Local\Project_RH2_Standard_Bulid
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Uninstall WinThruster?
  • Fixlog
  • Update on computer behavior

Edited by Oh My!, 08 January 2018 - 10:44 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
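
The fixlist above removes eight scheduled tasks. As an added example (not part of the original post and not a feature of FRST), the following Python parses the `Task:` lines copied from that fixlist and attaches review reasons to each one, so a reader can see why each task merits a look before agreeing to the removal. The reason labels and the heuristics behind them are assumptions chosen for illustration.

```python
import ntpath
import re

# Task lines copied from the fixlist in the post above (FRST "Task:" format).
FIXLIST_TASKS = r"""
Task: {16477E6B-3444-4F6B-B935-C1C62EF82488} - \MailRuUpdater
Task: {1F678FA9-6209-4515-B672-8EAF5D8596A6} - \Microsoft\Windows\UNP\RunCampaignManager
Task: {21BB92C2-5E35-4A70-84DD-37594EAAE8E1} - System32\Tasks\yIpbU => C:\Program Files (x86)\Common Files\oAaOtulaOL.bat [2017-09-29] ()
Task: {404D0674-23C9-4158-853F-8F3E569C0FE4} - System32\Tasks\GetNetworkInfo => C:\Users\Russel\AppData\Local\Temp\setdebug.exe
Task: {62AE8127-0493-4A97-834A-768C81CD636D} - System32\Tasks\bvyvbvyf => C:\Users\Russel\AppData\Local\bvyvbvyf\bvyvbvyf.exe
Task: {938B8D92-323A-42EA-B185-F6BEAAF2CACA} - System32\Tasks\sUlOT => C:\Program Files (x86)\FxUapOWu.exe [2017-09-29] (Microsoft Corporation)
Task: {9C077902-D391-4171-BB55-03BCCD54FD6B} - System32\Tasks\{E7C8E835-361A-4814-9145-84B19CC22FC2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\tbTecB2ldn\uninstall.exe"
Task: {E513C0C3-9C79-4458-A6D2-994F30C568B0} - System32\Tasks\AOOcRuIHiAeIe => C:\Users\Russel\AppData\Local\YnETdiruisOTa.bat [2017-09-29] ()
"""

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?)(?: => (.+))?$')
# Trailing "[date] (company)" metadata that FRST appends when the file exists.
META_RE = re.compile(r'\s*\[\d{4}-\d{2}-\d{2}\]\s*\(([^)]*)\)$')
# Shortest prefix that ends in a launchable extension, then the arguments.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|bat|cmd|vbs|js|ps1))"?(?=\s|$)(.*)$', re.I)

SCRIPT_EXT = {'.bat', '.cmd', '.vbs', '.js', '.ps1'}
# Vendors install into subfolders; a file sitting directly in these is unusual.
PROGRAM_ROOTS = {
    'c:\\program files', 'c:\\program files (x86)',
    'c:\\program files\\common files', 'c:\\program files (x86)\\common files',
}


def parse_task(line):
    """Split one FRST Task line into guid, name, launch target and metadata."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, name, action = m.groups()
    task = {'guid': guid, 'name': name, 'target': None,
            'company': None, 'proxy': None}
    if not action:
        return task
    meta = META_RE.search(action)
    if meta:
        task['company'] = meta.group(1).strip() or None
        action = action[:meta.start()]
    action = action.strip()
    exe = EXE_RE.match(action)
    if not exe:
        task['target'] = action
        return task
    target, args = exe.group(1), exe.group(2)
    # pcalua.exe -a "<path>" starts <path>; report the program really launched.
    if ntpath.basename(target).lower() == 'pcalua.exe':
        launched = re.search(r'-a\s+"([^"]+)"', args)
        if launched:
            task['proxy'], target = target, launched.group(1)
    task['target'] = target
    return task


def triage(task):
    """Return the list of review reasons (hypothetical labels) for one task."""
    target = task['target']
    if target is None:
        return ['no-action']  # listed by GUID only, no task file or command
    low = target.lower()
    reasons = []
    if '\\appdata\\' in low or '\\temp\\' in low:
        reasons.append('user-writable-path')
    if ntpath.splitext(low)[1] in SCRIPT_EXT:
        reasons.append('script-target')
    if ntpath.dirname(low) in PROGRAM_ROOTS:
        reasons.append('loose-file-in-program-files')
    company = (task['company'] or '').lower()
    if 'microsoft' in company and not low.startswith('c:\\windows\\'):
        reasons.append('microsoft-name-outside-windows')
    if task['proxy']:
        reasons.append('proxy-launch')
    return reasons


def review(text):
    """Map each task's short name to its review reasons."""
    result = {}
    for line in text.splitlines():
        task = parse_task(line)
        if task:
            result[ntpath.basename(task['name'])] = triage(task)
    return result


if __name__ == '__main__':
    for name, reasons in review(FIXLIST_TASKS).items():
        print(f'{name:40} {", ".join(reasons)}')
```

A reason is a prompt to look closer, not a verdict: `no-action` only means FRST listed the task without a file or command.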

#5 Rishimaru

Posted 08 January 2018 - 11:27 AM

Hello Gary.

 

I've downloaded Revo Uninstaller as you suggested and was able to find WinThruster. Except, it seems like Revo wasn't able to uninstall it and the steps it had to take to delete the files were different than you suggested. Either way, I've found the files and manually deleted them myself.

(Question; was there a reason why WinThruster was needed to be uninstalled?)

 

It seems like everything is going well. Thanks a ton also! The cmd seems to be gone from appearing every now and then, you are literally a godsend! Thank you so much.

Here is the fixlog you requested.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Russel (08-01-2018 17:05:08) Run:1
Running from C:\Users\Russel\Downloads
Loaded Profiles: Russel (Available Profiles: Russel)
Boot Mode: Normal
==============================================

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\llfxvnw0" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order llfxvnw0" => not found
"C:\Program Files (x86)\Atterryanehuch Cloud" => not found
"HKU\S-1-5-21-1422434549-3426595971-112725785-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08C346E6-7BC0-4359-BB00-87F426E879D3}" => removed successfully
HKLM\Software\Classes\CLSID\{08C346E6-7BC0-4359-BB00-87F426E879D3} => key not found
"HKU\S-1-5-21-1422434549-3426595971-112725785-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => removed successfully
HKLM\Software\Classes\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found
"HKU\S-1-5-21-1422434549-3426595971-112725785-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => removed successfully
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found
FF ProfilePath: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\p2tadggk.default\Profiles\p2tadggk.default => path removed successfully
FF ProfilePath: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\p2tadggk.default\Profiles\p2tadggk.default => path removed successfully
"CHR Profile: C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData" => not found
CHR Extension: (Пульс) - C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lfgkmlldjpjacgicdjmmgcboihbghpal [2018-01-02] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfgkmlldjpjacgicdjmmgcboihbghpal" => removed successfully
"HKLM\System\CurrentControlSet\Services\GoogleChromeUpService" => removed successfully
GoogleChromeUpService => service removed successfully
C:\ProgramData\service.exe => moved successfully

=========== "C:\WINDOWS\system32\default_error_stack*.txt" ==========

C:\WINDOWS\system32\default_error_stack-000000-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000001-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000002-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000003-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000004-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000005-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000006-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000007-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000008-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000009-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000010-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000011-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000012-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000013-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000014-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000015-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000016-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000017-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000018-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000019-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000020-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000021-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000022-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000023-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000024-000000.txt => moved successfully

========= End -> "C:\WINDOWS\system32\default_error_stack*.txt" ========

C:\bootTel.dat => moved successfully
C:\WINDOWS\System32\Tasks\AOOcRuIHiAeIe => moved successfully
C:\WINDOWS\System32\Tasks\yIpbU => moved successfully
C:\WINDOWS\System32\Tasks\sUlOT => moved successfully
C:\Users\Russel\AppData\Local\WMI.ini => moved successfully
C:\WINDOWS\SysWOW64\fRvyJE.exe => moved successfully
C:\Program Files (x86)\FxUapOWu.exe => moved successfully
C:\WINDOWS\whdAdYapy => moved successfully
C:\WINDOWS\SysWOW64\YOIEiWOjba => moved successfully
C:\Users\Russel\AppData\Local\YnETdiruisOTa => moved successfully
C:\Users\Russel\AppData\Local\Go! => moved successfully
C:\Users\Russel\AppData\Local\KADOKAWA => moved successfully
C:\Users\Russel\AppData\Roaming\trainerv => moved successfully
C:\Users\Russel\AppData\LocalLow\DefaultCompany => moved successfully
C:\Users\Russel\AppData\Local\LOOT => moved successfully
C:\Program Files (x86)\Atigpydecick => moved successfully
C:\Program Files (x86)\Common Files\oAaOtulaOL => moved successfully
C:\Program Files (x86)\Common Files\oAaOtulaOL.bat => moved successfully
"C:\Users\Russel\AppData\Local\WMI.ini" => not found
"C:\Users\Russel\AppData\Local\YnETdiruisOTa" => not found
C:\Users\Russel\AppData\Local\YnETdiruisOTa.bat => moved successfully
C:\Users\Russel\AppData\Local\Temp\231174032.exe => moved successfully
C:\Users\Russel\AppData\Local\Temp\271394290.exe => moved successfully
C:\Users\Russel\AppData\Local\Temp\3qrdzowerr.exe => moved successfully
"HKU\S-1-5-21-1422434549-3426595971-112725785-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0982A78FF6A}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => invalid subkey removed.
HKLM\Software\Classes\CLSID\ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => invalid subkey removed.
HKLM\Software\Classes\CLSID\ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => invalid subkey removed.
HKLM\Software\Classes\CLSID\ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16477E6B-3444-4F6B-B935-C1C62EF82488} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16477E6B-3444-4F6B-B935-C1C62EF82488}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F678FA9-6209-4515-B672-8EAF5D8596A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F678FA9-6209-4515-B672-8EAF5D8596A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21BB92C2-5E35-4A70-84DD-37594EAAE8E1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21BB92C2-5E35-4A70-84DD-37594EAAE8E1}" => removed successfully
"C:\WINDOWS\System32\Tasks\yIpbU" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\yIpbU" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{404D0674-23C9-4158-853F-8F3E569C0FE4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{404D0674-23C9-4158-853F-8F3E569C0FE4}" => removed successfully
C:\WINDOWS\System32\Tasks\GetNetworkInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GetNetworkInfo" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62AE8127-0493-4A97-834A-768C81CD636D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62AE8127-0493-4A97-834A-768C81CD636D}" => removed successfully
C:\WINDOWS\System32\Tasks\bvyvbvyf => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvyf" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938B8D92-323A-42EA-B185-F6BEAAF2CACA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938B8D92-323A-42EA-B185-F6BEAAF2CACA}" => removed successfully
"C:\WINDOWS\System32\Tasks\sUlOT" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sUlOT" => removed successfully
"C:\Program Files (x86)\FxUapOWu.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C077902-D391-4171-BB55-03BCCD54FD6B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C077902-D391-4171-BB55-03BCCD54FD6B}" => removed successfully
C:\WINDOWS\System32\Tasks\{E7C8E835-361A-4814-9145-84B19CC22FC2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E7C8E835-361A-4814-9145-84B19CC22FC2}" => removed successfully
"C:\Program Files (x86)\tbTecB2ldn" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E513C0C3-9C79-4458-A6D2-994F30C568B0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E513C0C3-9C79-4458-A6D2-994F30C568B0}" => removed successfully
"C:\WINDOWS\System32\Tasks\AOOcRuIHiAeIe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AOOcRuIHiAeIe" => removed successfully
C:\Users\Russel\AppData\Local\Temp\is-U4HAS.tmp => moved successfully
C:\Users\Russel\AppData\Local\Project_RH2_Standard_Bulid => moved successfully

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Toegang geweigerd.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{E18FDDD4-16B1-495C-BE8E-EFDAF2B31B04} canceled.
{7591A070-9DD3-432D-BA99-8A8D47709CEA} canceled.
{0DEAF83D-F0B5-4204-A779-B1B1D9FDD87C} canceled.
{D9208578-0175-4BA7-872F-2D60073F9D32} canceled.
{7F960AD3-B18E-4199-B5BF-1BF038A3FC2B} canceled.
{CD4E90EA-6C5E-408C-A4BC-48826ACE2878} canceled.
{D77383D3-2A55-4FBA-A83C-AAFDDCA559DE} canceled.
7 out of 7 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1422434549-3426595971-112725785-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1422434549-3426595971-112725785-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62398880 B
Java, Flash, Steam htmlcache => 302967531 B
Windows/system/drivers => 3361428 B
Edge => 909636 B
Chrome => 453149 B
Firefox => 462598932 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 21218 B
NetworkService => 0 B
Russel => 1538775858 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:12:16 ====



#6 Oh My!

Posted 08 January 2018 - 12:01 PM

Greetings Russel.

Thank you for the information about Revo, I will take a look at my instructions.

With a computer as compromised as yours was I tend to clean out everything that is not essential to give us the best shot at restoring your system.

Please do these things.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Rishimaru


Posted 08 January 2018 - 05:33 PM

Hello Gary, thanks for your fast response.

The logs from ESET contain files from my D disk. I would like to keep those files.

 

Here are the logs.

 

# AdwCleaner 7.0.6.0 - Logfile created on Mon Jan 08 17:45:24 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: Update service


***** [ Folders ] *****

Deleted: C:\Users\Russel\AppData\Local\SearchProtect
Deleted: C:\ProgramData\DriverSetupUtility
Deleted: C:\ProgramData\Application Data\DriverSetupUtility
Deleted: C:\Program Files\DriverSetupUtility
Deleted: C:\Users\All Users\DriverSetupUtility
Deleted: C:\Users\Russel\AppData\Local\bvyvbvyf
Deleted: C:\Users\Public\Pokki
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru
Deleted: C:\ProgramData\Solvusoft
Deleted: C:\ProgramData\Application Data\Solvusoft
Deleted: C:\Program Files (x86)\Solvusoft
Deleted: C:\Users\All Users\Solvusoft
Deleted: C:\Users\Russel\AppData\Roaming\Solvusoft
Deleted: C:\Program Files (x86)\ORBTR


***** [ Files ] *****

Deleted: C:\Windows\System32\\kz.exe
Deleted: C:\Windows\SysWOW64\\kz.exe
Deleted: C:\END
Deleted: C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\p2tadggk.default\jetpack\abb@amazon.com


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\SearchProtect
Deleted: [Key] - HKLM\SOFTWARE\jhdbca
Deleted: [Key] - HKU\.DEFAULT\Software\jhdbca
Deleted: [Key] - HKU\S-1-5-18\Software\jhdbca
Deleted: [Key] - HKLM\SOFTWARE\jhtrsq
Deleted: [Key] - HKU\.DEFAULT\Software\jhtrsq
Deleted: [Key] - HKU\S-1-5-18\Software\jhtrsq
Deleted: [Key] - HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Search Page [https:\\mysearch.avg.com\search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page [https:\\mysearch.avg.com\?rvt=1&pid=bcu]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Search Bar [https:\\mysearch.avg.com\?rvt=1&pid=bcu]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page [https:\\mysearch.avg.com\?rvt=1&pid=bcu]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page [https:\\mysearch.avg.com\search?rvt=1&sap=dsp&pid=bcu&mid=BAA26D74-E20F-4C2D-A443-0434D7CAFB77&q={searchTerms}]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar [https:\\mysearch.avg.com\?rvt=1&pid=bcu]
Deleted: [Key] - HKU\.DEFAULT\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-18\Software\UpgSvr
Deleted: [Key] - HKCU\Software\UpgSvr
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\PopWnd
Deleted: [Key] - HKCU\Software\PopWnd
Deleted: [Key] - HKLM\SOFTWARE\SPPDCOM
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\powerpack
Deleted: [Key] - HKCU\Software\powerpack
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\AutoTime
Deleted: [Key] - HKCU\Software\AutoTime
Deleted: [Key] - HKLM\SOFTWARE\youndooSoftware
Deleted: [Key] - HKLM\SOFTWARE\trotuxSoftware
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\SNDA
Deleted: [Key] - HKCU\Software\SNDA
Deleted: [Key] - HKLM\SOFTWARE\b`nl{y
Deleted: [Key] - HKU\.DEFAULT\Software\b`nl{y
Deleted: [Key] - HKU\S-1-5-18\Software\b`nl{y
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted: [Value] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|MailRuUpdater
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CommonToolkitTray_Solvusoft
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|KuaiZip Shell Extension
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\KuaiZipSFX
Deleted: [Key] - HKCU\Software\KuaiZipSFX
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\KuaiZip
Deleted: [Key] - HKCU\Software\KuaiZip
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\.DEFAULT\Software\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\AppDataLow\Software\Mail.Ru
Deleted: [Key] - HKU\S-1-5-18\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted: [Key] - HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted: [Key] - HKLM\SOFTWARE\Solvusoft
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Solvusoft
Deleted: [Key] - HKCU\Software\Solvusoft
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
Deleted: [Key] - HKLM\SOFTWARE\ORBTR
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\MICROSOFT\wewewe
Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\dlr
Deleted: [Key] - HKCU\Software\dlr
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Installer
Deleted: [Key] - HKCU\Software\Installer
Deleted: [Key] - HKLM\SOFTWARE\OtherSearch
Deleted: [Key] - HKLM\SOFTWARE\Speedchecker Limited
Deleted: [Key] - HKU\S-1-5-21-1422434549-3426595971-112725785-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application


***** [ Firefox (and derivatives) ] *****

Plugin deleted: __MSG_appName__ -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8710 B] - [2018/1/8 17:44:43]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

C:\AdwCleaner\Quarantine\bbSqWy6yhK\Tray\AutoInstall\DM.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\bbSqWy6yhK\Tray\Updates\TKTRAY-DM\DM.exe    a variant of Win32/SlowPCfighter.A potentially unwanted application    cleaned by deleting
C:\AdwCleaner\Quarantine\exuieaoEiI\WinThruster\InstallCache\{DC9009F8-98BE-4E75-B77D-B839CA8C8EC3}\WinThruster.msi    a variant of Win64/SlowPCFighter.A potentially unwanted application    deleted
C:\FRST\Quarantine\C\Users\Russel\AppData\Local\Temp\231174032.exe.xBAD    a variant of Win32/Adware.FileTour.FGK.gen application    cleaned by deleting
C:\FRST\Quarantine\C\Users\Russel\AppData\Local\Temp\271394290.exe.xBAD    a variant of Win32/Adware.FileTour.FGK.gen application    cleaned by deleting
C:\FRST\Quarantine\C\Users\Russel\AppData\Local\Temp\3qrdzowerr.exe.xBAD    a variant of Win32/MailRu.D potentially unwanted application    cleaned by deleting
C:\FRST\Quarantine\C\Users\Russel\AppData\Local\Temp\is-U4HAS.tmp\4AABD143    a variant of Win32/Adware.FileTour.FGG application    cleaned by deleting
C:\FRST\Quarantine\C\Users\Russel\AppData\Local\Temp\is-U4HAS.tmp\B7622654    Win32/Adware.FileTour.FFN application    cleaned by deleting
C:\Users\Russel\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Cache\f_0001f9    JS/Adware.Revizer.A application    deleted
C:\Users\Russel\Downloads\621_Ride_2_V1.00_Tr.zips    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted
C:\Users\Russel\Downloads\epm.exe    a variant of Win32/FusionCore.P potentially unwanted application    cleaned by deleting
C:\Users\Russel\Downloads\Setup_WinThruster_2017.exe    a variant of Win32/SlowPCfighter potentially unwanted application    cleaned by deleting
C:\Windows\Installer\23bf640.msi    a variant of Win64/SlowPCFighter.A potentially unwanted application    deleted
D:\Downloads\Mods\MotoGP 17\Updates\MotoGP.17.Update.1-CODEX\skidrowgamesreloaded.com\Update\Setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\MotoGP 17\Updates\MotoGP.17.Update.2-CODEX\skidrowgamesreloaded.com\Update\Setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\RIDE\Ride 2 V1.00 Trainer +3 MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\RIDE\updates\codex-ride.2.update.v20161116.incl.dlc\Update\Setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\RIDE\updates\codex-ride.2.update.v20170104.dlc\Update\Setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\RIDE\updates\codex-ride.2.update.v20170224.dlc\Update\Setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\TES\Updates\codex-the.elder.scrolls.v.skyrim.special.edition.upd.1.4\Update\setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\VRTG\Updates\codex-valentino.rossi.the.game.update.20160713\Update\Setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Downloads\Mods\VRTG\Updates\codex-valentino.rossi.the.game.update.v20161128.incl.dlc\Update\Setup.exe    a variant of Win32/HackTool.Crack.ES potentially unsafe application    cleaned by deleting
D:\Games\DiRT 4\NoDVD\RELOADED\steam_api64.dll    a variant of Win64/HackTool.Crack.H potentially unsafe application    cleaned by deleting
D:\Games\RUINER\Engine\Binaries\ThirdParty\Steamworks\Steamv139\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    cleaned by deleting
D:\Games\Senran Kagura Shinovi Versus\steam_api.dll    a variant of Win32/HackTool.Crack.EE potentially unsafe application    cleaned by deleting
D:\Games\The Sims 4\Game\Bin\RldOrigin.dll    a variant of Win32/HackTool.Crack.DK potentially unsafe application    cleaned by deleting
D:\Steam\steamapps\common\PAYDAY 2\IPHLPAPI.dll    Win32/GameHack.BFG potentially unsafe application    cleaned by deleting
 

Result of Security Analysis by Rocket Grannie (x86) Updated: 29th December, 2017
Running from:C:\Users\Russel\Desktop (23:32:33 - 01/08/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - Not up to Date)
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - Not up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.126)
Google Chrome (63.0.3239.84)
Java (8.0.1210.13) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (57.0)
Opera () ==> is out of Date

***----------------Analysis Complete-------------------------***



#8 Oh My!


Posted 08 January 2018 - 08:42 PM

Thanks for the information.

No problem on keeping the stuff ESET detected.

We need to update a couple of programs.

===================================================

Updating Java Using Internet Explorer

-------------------

Note: Use Internet Explorer for these steps.
  • Click Start, type Internet Explorer, then hit Enter
  • Copy and paste http://java.com/en/download/testjava.jsp in the address bar then hit Enter
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Click Run
  • Click Install
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

If you are going to use or leave Opera on your computer you should download the newest version.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Java update?
  • Opera update?

Gary
 

#9 Rishimaru


Posted 08 January 2018 - 08:55 PM

Hello Gary.

 

I've updated Java through Internet Explorer as you requested and it's up to date!

It seems like Rocket Grannie somehow found Opera on my laptop, which I don't have installed at all. Is this process needed or can we skip it?



#10 Oh My!


Posted 08 January 2018 - 08:59 PM

No need to address Opera.

Looks like we have taken care of things. Do you have any questions or concerns before I post some tool clean up instructions and final things to consider?
Gary
 

#11 Rishimaru


Posted 08 January 2018 - 09:08 PM

No questions or concerns.

 

Now I want to thank you a ton, Gary. You are literally a godsend. Thanks again!

 

As a side note. I've been aware of malicious malware and viruses in the past before and now fully understand whether something is malicious or not. So I'm probably fine considering the way you've helped me throughout the few days.

I just felt really stupid contracting one on my laptop thinking it was an actual .exe file.



#12 Oh My!


Posted 08 January 2018 - 09:11 PM

Very good Russel. I don't think all of what we removed was the result of one .exe file. There was a lot of junk on your computer which is very common.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Rishimaru


Posted 08 January 2018 - 09:22 PM

Thanks Gary.

I will now move on and be more cautious towards dangerous links and other malicious stuff in the future, the links provided seem very helpful and I will definitely take a gander at them.

 

Was a pleasure talking to you, Gary. Ciao!



#14 Oh My!


Posted 08 January 2018 - 10:11 PM

It was great working with you. Thanks for being so quick to reply, I really did appreciate it.

Gary

#15 Oh My!


Posted 10 January 2018 - 10:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 