Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC being used a Coin miner, Trojan Found but can't remove.


  • This topic is locked This topic is locked
12 replies to this topic

#1 c0up51er

c0up51er

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colwyn Bay
  • Local time:12:30 AM

Posted 19 January 2018 - 06:18 PM

Hi Everyone,

 

I'm fairly new to the site, and was wondering if any of you could give me a hand with an issue i'm having.

 

Around a week ago i noticed my PC's CPU usage staying sky high at around 85/90% usage when on idle with only basic windows applications running. (Used rainmeter monitor to spot it)

 

When i open task manager the usage drops back down to around 3% as it typically should be, then when i close task manager it shoots back up to the high percentage.

 

After using my antivirus (Total-AV) religiously and having it quarantine a new file every time i start up my PC, I found the application in my windows temps folder, deleted it and all corresponding files in the same folder with it, and my CPU was back to normal, and i thought i had fixed it. 

 

Upon turning my PC on the next day, i found the problem was still there and that the application and its corresponding files in the temps folder simply renamed themselves. I did a full system scan with AVG and it removed the files yet the same problem persists every time i shutdown and startup my PC.

 

I used the website "https://www.virustotal.com" to scan the application and it returned with several warnings of malware, Trojans, and Miners. I have attached the link to my file scan at the bottom, alongside my FRST.txt file.

 

I then downloaded MBAM to run alongside my Anitvirus and found that i can't even launch it, whatever is in my system has blocked me from launching the program.

 

I'm not sure what else to put as this is the first time i've ever had to make a post reagrding anything like this online, If any of you could request more information i'd be more than happy to give it to you.

 

https://www.virustotal.com/#/file/81e33351f48bfc6cdee48644db7efafb209a7d71fe0c01e238ff378528b71763/detection

 

PC Specs attached.

 

Attached File  Pc Specs.txt   227bytes   2 downloads

Attached File  FRST_19-01-2018 22.11.43.txt   80.99KB   4 downloads

 

 



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 PM

Posted 19 January 2018 - 07:17 PM

Hi c0up51er :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 c0up51er

c0up51er
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colwyn Bay
  • Local time:12:30 AM

Posted 19 January 2018 - 11:25 PM

Thanks for getting back to me, Aura :) 

 

I ran MBAR and it completed its scan successfully, reported 99 Trojan items, and removed them with no issue.

I then performed a second scan (just a habit i have when it comes to things like this.) And it came back with no issues.

 

I've pasted both logs below for you, separated by a dashed line, oldest first:

 

 
 
 
 
 
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2018.01.20.02
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.192.16299.0
Josh :: DESKTOP-RP2SKNQ [administrator]
 
20/01/2018 04:05:21
mbar-log-2018-01-20 (04-05-21).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 250940
Time elapsed: 4 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 94
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [283ab30da51241f51f1b8315e41d03fd]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8ad82e92c8ef7eb862224358ca373fc1]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0e54b30d793e280ef7831781f50cb848]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [233f744c378064d2ac00b7e2e41ddc24]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7be7279945726ec8ef86d4c59f62c13f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [87db922e5a5de35361e65f3bc140b848]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9fc318a8edcae2541155b9e2f90805fb]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [91d1fbc54d6af04634a8891146bbb64a]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e082417fe6d141f5f7c5a6f14ab744bc]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9dc5229e843344f2c216dfba9f62dd23]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4e14c9f7dcdb2f077f79fd9df110fb05]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b2b0ecd4ab0cad89689dc6d504fd20e0]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f270e5db3d7ae650d6637721926f0000]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [aab8a11fa90e77bfddfd4d4d7889f907]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d58d645c3c7b82b46aff74264fb221df]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [dd856759c4f340f66e559efac33ed12f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [77ebe6da02b5db5b37bf7623cf32728e]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6bf716aa1d9a4cea5331ccce8c7554ac]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [560ca51b00b7ea4cf16f257504fde11f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7ae86e527d3ad6606a4148513ec3857b]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d78b8d33467157df1d937a21000107f9]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cc966957c3f406305e5f0594857cd22e]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d2906858f3c4c96dbf2a7b1ee41d659b]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6df5437d86317eb89bab9efd0100c739]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2d359e22fcbb91a50821f8a38a7716ea]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e979546cdadd56e0d2a200992dd435cb]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0f53ffc1853240f6c1c2d2c8d9284bb5]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1e444e729b1c73c3d456bfdbdc256997]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8dd5269ab502c0767ad979225fa26a96]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4f1300c074430f271912732727da619f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2c369a265364bc7a59c1b2e9bc45a45c]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7de5d9e7f6c1d4623cf94555ed14e020]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [aeb4368a1f98ac8a69b2ff9ca55c28d8]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [aeb4bc0416a195a18bda7d1e7e832bd5]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f56d5a6602b5c076841133683ac733cd]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3c26e1dfa5120630f47456443dc4c23e]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fe64ebd52b8c1422efa8f1a9d92815eb]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [352dc6fa2c8b3ef8da9cf8a37e8358a8]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [84dead13833481b50b77d0c9d52c6c94]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e37f338d8d2a221467ea7f1a7889837d]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1949a020288f45f1f7d7920438c9d12f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f36fb0109e197fb7d32bacecf80930d0]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [77ebdae6437431058c2c2d6d679a9868]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [461cf7c940778da9b625e7b3d22fcf31]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fc6669579621023498ed6f2bc53c956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{037EBEBE-17BE-454F-96FA-B4A5AD26C3FD} (Trojan.Agent.Generic) -> Delete on reboot. [9bc71da3724512246aabcf9a06fb1ae6]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6ECBE977-B8FE-4B96-AF15-E0164BBE9F74} (Trojan.Agent.Generic) -> Delete on reboot. [a0c2566aab0c40f65cb93f2a50b11ae6]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\21287q55855B44282H99998 (Trojan.Agent.Generic) -> Delete on reboot. [253d17a9754279bde10478f0e31e05fb]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\52902q49011B33122H97779 (Trojan.Agent.Generic) -> Delete on reboot. [84de992713a4f73f21c489dff20fc43c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b0b2caf65d5ab77f37031880728f5ba5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cd954e7264531f17bbc9b2e9629fd030]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a0c2c5fbe8cf5dd97901623642bfdb25]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4022f2ce7b3c90a67d2f8c0df1108878]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [362c7848f7c0f2446e07b6e38d74db25]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7de58d33a215cd69242309917a87a35d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [342ee6daa0171c1a69fd6833a35eda26]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [134f417f9225181e4498dfbb41c008f8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b2b0cef24e69cc6accf0b7e0aa572bd5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3a28e3dd5b5c9f97f1e7bfdadd24de22]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9cc6c3fd5d5a41f553a5dbbf58a9c43c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a5bd8a36dcdbe254788d3665a160629e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [20421ca4764170c60237940460a10bf5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3c2608b8892e4de94e8c64368b76d22e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [332f1da34a6d90a677f244560cf5a858]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d191aa1609ae0135774c88100cf55aa6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e280813f1d9a5adc9e587029b150a957]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1949962ae8cf4cea6e16683260a1c33d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [94ce219f5c5b6fc7f26ee4b610f113ed]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2e34b60a9720b086d7d46d2cdf22c937]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [540e5d63fdbaa393565a1289e41d27d9]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [035fa41c75428da904b97821ab56ba46]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [451d5a6603b440f667825643af5228d8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [075b48780ea947ef4cfab8e3d32e31cf]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2e34853b991eaf87f3366c2fed14738d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [eb776f510daa0630462e1881c8399b65]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8ed41ea21c9b3402f58ed3c79e639f61]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [abb75a66dfd8f34347e30b8f5da453ad]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0e54aa165c5b5bdba8abb3e8956cf808]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e47e1ba505b24beb79b2a0fa18e91be5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2e348040dadd6ec8c1591d7eb1502ed2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [baa88e32d8dffb3b89ac4e4c6d94ed13]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4a189c24b10686b025f64556ba47fa06]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [aab8764ac4f35cda6ff6ebb053ae649c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c89a07b91a9d63d31184e0bbb24f748c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [baa83e82c9ee64d2f96f4f4b6a97f30d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ee743e820cab0f271384990117eaa15f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [560c13ad6c4b1620492dd3c85fa2c937]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [78ea47793c7b38fe84fed4c5c53c639d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [352dbb05b9fe191d5100a4f59a6723dd]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5012447cf4c360d6ece2385e34cd51af]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d78b7947a90ead899b63e8b00ff2f10f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [97cba11f189f84b2892f2e6c659c7e82]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [085a8838ad0a9a9c3aa1ceccbe430000]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e08239876f48072fa9dc5248e819e61a]
 
Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{037EBEBE-17BE-454F-96FA-B4A5AD26C3FD}|Path (Trojan.Agent.Generic) -> Data: \52902q49011B33122H97779 -> Delete on reboot. [9bc71da3724512246aabcf9a06fb1ae6]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6ECBE977-B8FE-4B96-AF15-E0164BBE9F74}|Path (Trojan.Agent.Generic) -> Data: \21287q55855B44282H99998 -> Delete on reboot. [a0c2566aab0c40f65cb93f2a50b11ae6]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\ProgramData\21287q55855B44282H99998\21287q55855B44282H99998.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [6ef4d8e8dbdcd6608454ed4efd04936d]
C:\Windows\System32\Tasks\21287q55855B44282H99998 (Trojan.Agent.Generic) -> Delete on reboot. [66fc2e9297207eb8986481e7847d45bb]
C:\Windows\System32\Tasks\52902q49011B33122H97779 (Trojan.Agent.Generic) -> Delete on reboot. [d48e754bded9ab8b18e491d79e63f10f]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
 
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2018.01.20.02
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.192.16299.0
Josh :: DESKTOP-RP2SKNQ [administrator]
 
20/01/2018 04:18:31
mbar-log-2018-01-20 (04-18-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 250068
Time elapsed: 4 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 PM

Posted 20 January 2018 - 10:43 AM

Awesome :) Now you should be able to install and run a scan with Malwarebytes.

j1Bynr2.pngMalwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends of your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 c0up51er

c0up51er
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colwyn Bay
  • Local time:12:30 AM

Posted 21 January 2018 - 01:19 PM

That went through fine, no issues at all through MBAM. I've pasted the log below :) 

 

---------------------------------------

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/21/18
Scan Time: 5:06 PM
Log File: 5adcbe68-fecd-11e7-9811-2c4d54d3a3c3.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3749
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: DESKTOP-RP2SKNQ\Josh
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332237
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 39 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 PM

Posted 22 January 2018 - 08:05 AM

Good :) Now let's do a sweep with RogueKiller and AdwCleaner.

RQKuhw1.pngRogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    V7SD4El.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 c0up51er

c0up51er
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colwyn Bay
  • Local time:12:30 AM

Posted 22 January 2018 - 02:14 PM

Done, all threats found through both products were removed successfully. :)
I did, however, think it quite funny how they all hate Total AV and want it removing xD
 
Here are the reports;
 
-----------------------------------------------------------------------
 
RogueKiller V12.12.1.0 (x64) [Jan 22 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Josh [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 01/22/2018 14:35:45 (Duration : 00:15:20)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUP.PCProtect] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bb1f2ab5-f7a9-4a55-a307-402f61bd35cb} | DhcpNameServer : 172.20.10.1 ([])  -> Replaced ()
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 6 ¤¤¤
[PUP.PCProtect][File] C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk [LNK@] C:\PROGRA~2\TotalAV\TotalAV.exe -> Deleted
[PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Deleted
[PUP.PCProtect][Folder] C:\Users\Josh\AppData\Roaming\TotalAV -> Deleted
[PUP.PCProtect][File] C:\Users\Josh\AppData\Roaming\TotalAV\2.2.0\avira32redist.zip -> Deleted
[PUP.PCProtect][Folder] C:\Users\Josh\AppData\Roaming\TotalAV\2.2.0 -> Deleted
[PUP.PCProtect][File] C:\Users\Josh\AppData\Roaming\TotalAV\vdf_1516021746.zip -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\Service_KMS.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Keys.txt -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\cache\cache.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows\cache -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\data.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\tokens.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV -> Removed at reboot [91]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\AppConfig.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\avgio.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\AviraLib.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\bins\subinacl.exe -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\bins -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\brand.json -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Community.CsharpSqlite.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Community.CsharpSqlite.SQLiteClient.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\account.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\addon.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\avconfig.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\certs.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\details.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\driver.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\gcld -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\idpro.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\onaccesscacheitems.dict -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\prefs.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\sdet.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\ui.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\data\vpn_locations.jdat -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\data -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\de -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\DotNetZip.dll -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\DotRas -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\amd64\devcon.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\amd64\OemWin2k.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\amd64\tap0901.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\amd64\tap0901.map -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\amd64\tap0901.pdb -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\amd64\tap0901.sys -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\driver\amd64 -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\i386\devcon.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\i386\OemWin2k.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\i386\tap0901.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\i386\tap0901.map -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\i386\tap0901.pdb -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\driver\i386\tap0901.sys -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\driver\i386 -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\driver -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Engine.Win.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Engine.Win.dll.config -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\es -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\fr -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Hardcodet.Wpf.TaskbarNotification.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\HtmlAgilityPack.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Ibt.Ortc.Api.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Ibt.Ortc.Api.Extensibility.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Ibt.Ortc.Plugin.IbtRealTimeSJ.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\installoptions.jdat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Interop.IWshRuntimeLibrary.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Interop.NetFwTypeLib.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Ionic.Zip.dll -> Removed at reboot [5]
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\it -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\json -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\lib_SCAPI.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\LinqBridge.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\locale\de_DE.mo -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\locale\es_ES.mo -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\locale\fr_FR.mo -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\locale\it_IT.mo -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\locale\pt_PT.mo -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\locale -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\logs\main.log -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\logs\savapi.log -> Removed at reboot [20]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\logs\security_service.log -> Removed at reboot [20]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\logs\service-1516021807.logc -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\logs\service-1516398071.logc -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\logs\service_install.log -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\logs -> Removed at reboot [91]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Manifest\chrome-manifest.json -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Manifest\firefox-manifest.json -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\Manifest -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Microsoft.VC90.CRT.manifest -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\msvcm90.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\msvcp120.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\msvcp90.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\msvcr120.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\msvcr90.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Newtonsoft.Json.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\libeay32.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\liblzo2-2.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\libpkcs11-helper-1.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\openvpn.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\openvpnserv.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\openvpn_down.bat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\openvpn_up.bat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ovpn\ssleay32.dll -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\ovpn -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\PasswordExtension.Win.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\PasswordExtension.Win.exe.config -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\PasswordManager.Tests.Desktop.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\pwm.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\queues\teq1okwy.t42.queue -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\queues\vlgah4ab.3yi.queue -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\queues -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\account-info.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\adblock-background.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\adblock-tile-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-expired-icon-adblock.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-expired-icon-id-protect.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-expired-icon-pwd-vault.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-expired-icon-vpn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-promo-icon-adblock.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-promo-icon-id-protect.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-promo-icon-pwd-vault.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\addon-promo-icon-vpn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\apc-popup-document.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\apc-popup-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\balloon_error_icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\balloon_info_icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-chrome.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-chrome30.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-chrome60.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-edge.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-edge30.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-firefox.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-firefox30.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-firefox60.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-ie.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-opera.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-opera30.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\browser-icon-safari.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\btn-icon-arrow.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\btn-icon-curved-arrow.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\btn-icon-loading.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\circular-tick-icon-white16.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\circular-tick-icon-white24.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\computer-error.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\dashbutton-pwd.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\dashbutton-vpn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\default-application-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\default-favicon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\default-path-selection-file.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\default-path-selection-folder.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\devices-expired.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\devices-no-licences-free.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\early-renewal-icon-computer.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\facebook-thumb.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ad.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ad@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ad_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ae.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ae@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ae_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_af.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_af@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_af_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ag.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ag@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ag_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_al.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_al@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_al_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_am.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_am@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_am_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ar.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ar@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ar_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_at.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_at@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_at_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_au.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_au@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_au_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_az.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_az@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_az_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ba.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ba@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ba_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bb.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bb@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bb_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bd.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bd@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bd_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_be.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_be@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_be_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bf.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bf@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bf_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bh.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bh@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bh_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bi.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bi@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bi_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bj.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bj@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bo.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bo@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bo_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_br.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_br@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_br_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bs.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bs@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bt.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bt@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bt_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bw_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_by.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_by@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_by_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_bz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ca.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ca@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ca_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cd.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cd@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cd_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cf.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cf@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cf_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ch.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ch@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ch_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ci.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ci@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ci_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cl.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cl@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cl_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_co.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_co@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_co_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cu.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cu@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cu_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cv.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cv@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cv_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cy.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cy@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cy_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_cz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_de.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_de@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_de_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dj.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dj@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dj_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dk.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dk@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dk_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_do.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_do@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_do_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_dz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ec.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ec@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ec_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ee.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ee@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ee_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_eg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_eg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_eg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_er.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_er@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_er_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_es.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_es@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_es_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_et.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_et@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_et_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fi.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fi@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fi_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fj.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fj@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fj_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_fr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ga.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ga@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ga_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gb.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gb@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gb_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gd.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gd@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gd_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ge.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ge@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ge_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gh.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gh@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gh_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gq.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gq@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gq_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gt.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gt@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gt_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gw_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gy.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gy@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_gy_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hk.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hk@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hk_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ht.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ht@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ht_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hu.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hu@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_hu_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_id.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_id@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_id_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ie.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ie@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ie_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_il.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_il@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_il_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_in.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_in@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_in_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_iq.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_iq@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_iq_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ir.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ir@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ir_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_is.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_is@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_is_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_it.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_it@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_it_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jo.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jo@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jo_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jp.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jp@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_jp_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ke.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ke@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ke_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kh.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kh@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kh_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ki.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ki@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ki_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_km.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_km@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_km_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kp.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kp@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kp_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kv.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kv@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kw_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_kz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_la.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_la@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_la_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lb.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lb@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lb_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lc.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lc@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lc_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_li.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_li@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_li_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lk.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lk@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lk_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ls.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ls@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ls_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lt.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lt@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lt_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lu.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lu@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lu_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lv.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lv@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_lv_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ly.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ly@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ly_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ma.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ma@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ma_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mc.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mc@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mc_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_md.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_md@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_md_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_me.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_me@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_me_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mh.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mh@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mh_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mk.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mk@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mk_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ml.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ml@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ml_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mt.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mt@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mt_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mu.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mu@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mu_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mv.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mv@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mv_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mw_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mx.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mx@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mx_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_my.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_my@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_my_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_mz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_na.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_na@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_na_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ne.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ne@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ne_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ng.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ng@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ng_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ni.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ni@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ni_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nl.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nl@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nl_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_no.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_no@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_no_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_np.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_np@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_np_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_nz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_om.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_om@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_om_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pa.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pa@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pa_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pe.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pe@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pe_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ph.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ph@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ph_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pk.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pk@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pk_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pl.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pl@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pl_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pt.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pt@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pt_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_pw_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_py.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_py@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_py_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_qa.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_qa@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_qa_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ro.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ro@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ro_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_rs.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_rs@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_rs_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ru.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ru@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ru_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_rw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_rw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_rw_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sa.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sa@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sa_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sb.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sb@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sb_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sc.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sc@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sc_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sd.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sd@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sd_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_se.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_se@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_se_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_si.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_si@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_si_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sk.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sk@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sk_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sl.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sl@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sl_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_so.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_so@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_so_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ss.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ss@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ss_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_st.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_st@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_st_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sv.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sv@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sv_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sy.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sy@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sy_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_sz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_td.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_td@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_td_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tg@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tg_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_th.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_th@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_th_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tj.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tj@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tj_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tl.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tl@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tl_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_to.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_to@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_to_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tr.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tr@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tr_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tt.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tt@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tt_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tv.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tv@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tv_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tw_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_tz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ua.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ua@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ua_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ug.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ug@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ug_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_us.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_us@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_us_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_uy.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_uy@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_uy_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_uz.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_uz@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_uz_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_va.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_va@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_va_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vc.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vc@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vc_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ve.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ve@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ve_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vn@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vn_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vu.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vu@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_vu_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ws.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ws@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ws_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ye.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ye@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_ye_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_za.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_za@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_za_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_zm.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_zm@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_zm_large@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_zw.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_zw@2x.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\flags\flag_zw_large@2x.png -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\resources\flags -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\generic-loading.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\generic-upgrade-adblock.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\generic-upgrade-id-protect.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\generic-upgrade-pwd-vault.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\generic-upgrade-vpn-eye.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-antivirus.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-applications.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-browser-manager.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-duplicates.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-exclamation.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-file-manager.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-firewall.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-junk-shredder.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-manage-scans.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-quarantine.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-quick-scan.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-realtime-protection.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-settings.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-startup-programs.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-system-boost.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-system-scan.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-icon-web-security.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\header-title-id-protect-suffix.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\help-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\hourglass.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\icon.ico -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-intro-icon-child.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-intro-icon-financial.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-intro-icon-personal.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-intro-icon-social.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-court-records.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-credit.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-cross.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-facebook-btn-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-facebook.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-instagram-btn-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-instagram.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-insurance.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-linkedin-btn-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-linkedin.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-social.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-ssn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-twitter-btn-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-twitter.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-wallet.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\id-protect-item-web.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\idprotect-tile-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-buy-adblock.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-buy-id-protect.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-buy-msg-star.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-buy-pwd-vault.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-buy-ticket.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-buy-vpn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-failed-payment.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\in-app-failed-support.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\inapp-purchase-logo.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\info-icon-win.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\laptop.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\login-background.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\login-lightbox-number-bg.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\login-lightbox-tick-small.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\login-lightbox-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\login-logo.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\logo-toolbar-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\logo-toolbar.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\malware-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\map.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-antivirus.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-dashboard.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-disk-cleaner.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-file-manager.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-firewall.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-id-protect.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-pwd.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-system-boost.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\menu-icon-web-security.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\mini-speedo-needle.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\new-features-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\payment-confirmation-quarantine-speedo.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\product-box.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\progress-thumb-exclamation.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\progress-thumb-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pua-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\public-wifi-notification.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-change-password.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-chrome-import-arrow.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-chrome-import.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-delete-trashcan.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-ext-lock-gen-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-ext-locked.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-ext-unlocked.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-footer-addnew.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-footer-browser-extension.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-indicator-locked.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-indicator-unlocked.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-lightbox-copy.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-lightbox-generate.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-lightbox-hide.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-lightbox-view.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-list-copy.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-list-delete.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-list-edit.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-list-hide.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-list-pwd.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-list-user.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-list-view.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-search-cancel.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-search-magnifier.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-vault-intro.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\pwd-vault-lightbox.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\realtime-flash.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\red_speedo.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-account-expired.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-bow.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-clock.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-gift-generic.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-gift-licence.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-gift-support.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-gift-vpn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-hourglass.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-megaphone.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-shield.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\renewal-timer.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\settings-cog.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\success-icon-green-small.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\thumb-down.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\thumb-up.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\thumb-up128.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\thumb-up64.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-antivirus.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-applications-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-applications.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-battery-saver.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-browser-manager-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-browser-manager.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-disk-cleaner.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-duplicates-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-duplicates.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-file-manager.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-firewall-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-firewall.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-id-protect.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-information.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-junk-shredder.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-manage-scans.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-quarantine-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-quarantine.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-quick-scan-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-quick-scan.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-realtime-protection-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-realtime-protection.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-redundant-files.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-shredder-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-star.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-startup-programs-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-startup-programs.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-system-boost.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-system-scan-dark.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-system-scan.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tile-icon-web-security.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\timer-segment-black.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\timer-segment-red.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\timer-separator.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\tip-bubble.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\trial-notification-antivirus.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\trial-notification-boost.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\trial-notification-dollar.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\trial-notification-star.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\trial-notification-vpn.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\trial-notification-warning.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\upgrade-applications.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\upgrade-browser-manager.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\upgrade-duplicates.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\upgrade-firewall.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\upgrade-junk-shredder.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\upgrade-quarantine.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\upgrade-startup-programs.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\vpn-data-download.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\vpn-data-upload.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\vpn-tick.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\vpn-tile-icon.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\vpn-unsecured-wifi-connected.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-circle-red45.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-icon-red-small.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-icon-white-large.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-icon-white-medium.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-icon-white19.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-triangle-gray.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-triangle-orange.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-triangle-red.png -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\resources\warning-triangle-yellow.png -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\resources -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aebb.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aecore.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aecrypto.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aedroid.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aeemu.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aeexp.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aegen.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aehelp.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aeheur.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aelibinf.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aelidb.dat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aemobile.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aemvdb.dat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aeoffice.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aepack.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aerdl.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aesbx.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aescn.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aescript.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aeset.dat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aevdf.dat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\aevdf.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\apcfile.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\apchash.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\avgio.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\avupdate-savapilib-engine.conf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\avupdate.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\avupdate.log -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\avupdate_msg.avr -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\cacert.crt -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\HBEDV.KEY -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\HBEDV.KEY.bak -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\hbedv.pidfile -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\idx\master.idx -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\idx -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\local000.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\msvcp120.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\msvcr120.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\names_cache\AV-malware-names-3288-yDeR4o -> Removed at reboot [20]
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\names_cache -> Removed at reboot [91]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\on-access-drivers-install.cmd -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\on-access-drivers-uninstall.cmd -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\README -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\utils\on-access-drivers-final.cmd -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\utils\on-access-drivers-post.cmd -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\utils\on-access-drivers-pre.cmd -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\utils\sd_inst.exe -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\utils -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avgntflt.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avgntflt.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avgntflt.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avipbb.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avipbb.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avipbb.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avkmgr.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avkmgr.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8\avkmgr.sys -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\win8 -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avgntflt.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avgntflt.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avgntflt.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avipbb.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avipbb.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avipbb.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avkmgr.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avkmgr.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp\avkmgr.sys -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32\xp -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win32 -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avgntflt.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avgntflt.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avgntflt.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avipbb.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avipbb.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avipbb.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avkmgr.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avkmgr.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista\avkmgr.sys -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\vista -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avgntflt.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avgntflt.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avgntflt.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avipbb.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avipbb.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avipbb.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avkmgr.cat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avkmgr.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8\avkmgr.sys -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\win8 -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\xp\avgntflt.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\xp\avgntflt.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\xp\avipbb.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\xp\avipbb.sys -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\xp\avkmgr.inf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\xp\avkmgr.sys -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64\xp -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access\win64 -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\on_access -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\productname.dat -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\savapi.dll -> Removed at reboot [5]
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI\tmp -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\vdfupd.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00000.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00001.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00002.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00003.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00004.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00005.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00006.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00007.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00008.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00009.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00010.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00011.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00012.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00013.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00014.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00015.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00016.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00017.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00018.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00019.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00020.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00021.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00022.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00023.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00024.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00025.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00026.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00027.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00028.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00029.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00030.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00031.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00032.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00033.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00034.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00035.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00036.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00037.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00038.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00039.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00040.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00041.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00042.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00043.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00044.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00045.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00046.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00047.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00048.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00049.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00050.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00051.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00052.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00053.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00054.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00055.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00056.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00057.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00058.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00059.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00060.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00061.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00062.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00063.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00064.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00065.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00066.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00067.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00068.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00069.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00070.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00071.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00072.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00073.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00074.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00075.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00076.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00077.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00078.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00079.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00080.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00081.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00082.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00083.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00084.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00085.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00086.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00087.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00088.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00089.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00090.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00091.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00092.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00093.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00094.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00095.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00096.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00097.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00098.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00099.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00100.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00101.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00102.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00103.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00104.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00105.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00106.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00107.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00108.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00109.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00110.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00111.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00112.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00113.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00114.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00115.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00116.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00117.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00118.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00119.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00120.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00121.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00122.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00123.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00124.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00125.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00126.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00127.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00128.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00129.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00130.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00131.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00132.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00133.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00134.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00135.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00136.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00137.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00138.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00139.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00140.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00141.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00142.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00143.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00144.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00145.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00146.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00147.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00148.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00149.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00150.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00151.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00152.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00153.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00154.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00155.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00156.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00157.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00158.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00159.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00160.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00161.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00162.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00163.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00164.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00165.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00166.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00167.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00168.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00169.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00170.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00171.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00172.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00173.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00174.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00175.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00176.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00177.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00178.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00179.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00180.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00181.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00182.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00183.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00184.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00185.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00186.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00187.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00188.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00189.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00190.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00191.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00192.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00193.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00194.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00195.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00196.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00197.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00198.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00199.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00200.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00201.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00202.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00203.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00204.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00205.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00206.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00207.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00208.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00209.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00210.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00211.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00212.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00213.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00214.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00215.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00216.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00217.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00218.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00219.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00220.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00221.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00222.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00223.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00224.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00225.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00226.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00227.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00228.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00229.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00230.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00231.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00232.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00233.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00234.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00235.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00236.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00237.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00238.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00239.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00240.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00241.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00242.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00243.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00244.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00245.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00246.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00247.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00248.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00249.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00250.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00251.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00252.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00253.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00254.vdf -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SAVAPI\xbv00255.vdf -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\SAVAPI -> Removed at reboot [91]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Savapi.NET.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SCAPI.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SecurityProductInformation.ini -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SecurityService.exe -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SecurityService.exe.config -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SharedDesktop.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\ShellBrowser.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\SSCore.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\startup\startup.json -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\startup -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\System.Data.SQLite.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\temp.txt -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\TotalAV.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\TotalAV.exe.config -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\uninst.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Update.Win.exe -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Update.Win.exe.config -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Utilizr.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Utilizr.OpenVPN.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Utilizr.VPN.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Utilizr.VPN.Win.dll -> Removed at reboot [5]
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\Utilzr.WPF.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\vccorlib120.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\WebSocket4Net.dll -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\x64\SQLite.Interop.dll -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\x64 -> Deleted
[PUP.PCProtect][File] C:\Program Files (x86)\TotalAV\x86\SQLite.Interop.dll -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\x86 -> Deleted
[PUP.PCProtect][Folder] C:\Program Files (x86)\TotalAV\zh-CN -> Deleted
[PUP.PCProtect][File] C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk [LNK@] C:\PROGRA~2\TotalAV\TotalAV.exe -> Removed at reboot [2]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP.PCProtect][Chrome:Addon] Default : Total AV Web Shield [looohgelibjoplmkhecmalapkgadkfcc] -> Deleted
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.google.com/|http://search.strtpoint.com/?c=5&v=insMac&t=1412&ap=209950001&r=0eced2d6edafe59000211ee1ded5dbf4|http://www.google.com/] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AADS-56S9B1 +++++
--- User ---
[MBR] 736e310d1f5fb07f4b82230d48111f45
[BSP] 22df6602b2efd1731c22ff3ba45773b5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 850 EVO 500GB +++++
--- User ---
[MBR] e5d422b5e3a88aaecd9ab39bcdd2e1e0
[BSP] b6d3d2073972c43804895219bd27ef33 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 475955 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975783936 | Size: 481 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 6d7f38d259b3f9dfc9cc1c04c656f375
[BSP] 6179ce361408dd6fb781426f3be61b07 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
 
 
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------
 
 
 
 
 
# AdwCleaner 7.0.7.0 - Logfile created on Mon Jan 22 19:09:05 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: SecurityService
 
 
***** [ Folders ] *****
 
Deleted: C:\Users\Josh\Documents\TotalAV
 
 
***** [ Files ] *****
 
Deleted: C:\Users\Josh\Downloads\TOTALAV.EXE
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Total AV Web Shield - 
Startpage deleted: https://www.google.com/
Startpage deleted: http://www.google.com/
Startpage deleted: https://www.google.com/
Startpage deleted: http://www.google.com/
Startpage deleted: https://www.google.com/
Startpage deleted: http://www.google.com/
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1701 B] - [2018/1/22 15:0:8]
C:/AdwCleaner/AdwCleaner[S1].txt - [1767 B] - [2018/1/22 15:10:5]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 PM

Posted 23 January 2018 - 08:16 AM

Mostly because TotalAV isn't a "real" Antivirus per say. More like a PUP.

Alright, now run a new scan with FRST and provide me a fresh set of logs, I'll look for remnants.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 c0up51er

c0up51er
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colwyn Bay
  • Local time:12:30 AM

Posted 24 January 2018 - 09:34 AM

That's understandable then, learn something new every day i suppose :) 

 

FRST.txt + Addition.txt are listed below, in that order;

 

----------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Josh (administrator) on DESKTOP-RP2SKNQ (24-01-2018 14:31:41)
Running from C:\Users\Josh\Desktop\AntiVirus
Loaded Profiles: Josh (Available Profiles: defaultuser0 & Josh & Administrator)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\AURA\AsRogAuraService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.03\atkexComSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\ASUS\AURA\AsRogAuraGpuDllServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(CMedia) C:\Program Files\ASUS Xonar DSX Audio\Customapp\AsusAudioCenter.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Josh\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9029088 2016-10-17] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [21098704 2017-12-07] (Corsair Components, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\Run: [gflauncher] => "D:\Games\GFACE Launcher\live\gflauncher.exe" --autostart
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27092176 2017-12-08] (Corsair Components, Inc.)
Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-11-27]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4995f78a-b19f-4b4a-b460-5f13c664d4f8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{64b523b1-9b80-4ff4-a8ce-7dff11769b84}: [NameServer] 192.168.1.254
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-28] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 3tuqfm29.default
FF DefaultProfile: sect5shw.default
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Waterfox\Profiles\3tuqfm29.default [2018-01-22]
FF Extension: (FireFTP) - C:\Users\Josh\AppData\Roaming\Waterfox\Profiles\3tuqfm29.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-11-15] [Legacy]
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\sect5shw.default [2018-01-15]
FF Session Restore: Mozilla\Firefox\Profiles\sect5shw.default -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-28] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1221996817-3023876139-3523539557-1001: @my.com/Games -> C:\Users\Josh\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
StartMenuInternet: Firefox-6F940AC27A98DD61 - C:\Program Files\Waterfox\waterfox.exe
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://search.strtpoint.com/?c=5&v=insMac&t=1412&ap=209950001&r=0eced2d6edafe59000211ee1ded5dbf4","hxxp://www.google.com/","hxxps://encrypted.google.com"
CHR NewTab: Default ->  Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default [2018-01-24]
CHR Extension: (Slides) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2018-01-11]
CHR Extension: (Docs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2017-06-04]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-04]
CHR Extension: ( YouTube™ Picture in Picture (Beta)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfanpgpmfdocbeldhfgeafndhoiifgpe [2018-01-23]
CHR Extension: (Dropbox for Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-06-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-07]
CHR Extension: (Black Menu for Google™) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2018-01-15]
CHR Extension: (Sheets) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (iCloud Bookmarks) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-04]
CHR Extension: (AdBlock) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-01-22]
CHR Extension: (The Great Suspender) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-07]
CHR Extension: (Momentum) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Starry Blue - A Dark Blue Theme) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\onaepjjikdikiifeoakcjjocamfjoamb [2018-01-22]
CHR Extension: (Speedtest by Ookla) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-06-28]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.03\atkexComSvc.exe [933840 2017-02-17] ()
R2 AsRogAuraService; C:\Program Files (x86)\ASUS\AURA\AsRogAuraService.exe [856536 2017-02-17] (ASUSTek Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-06-29] (Windows ® Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-28] ()
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32976 2017-12-08] (Corsair Components, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2017-09-28] (EasyAntiCheat Ltd)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327368 2017-03-09] (Nitro Software, Inc.)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [419016 2017-03-09] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [431616 2017-11-07] (Razer Inc.) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [919200 2017-11-29] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2018-01-09] (Razer Inc)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 Survarium-Steam Update Service; D:\SteamLibrary\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [97880 2017-04-13] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [36384 2017-03-27] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153392 2016-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-10-14] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2017-06-07] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2017-06-07] (Corsair)
R3 cpuz144; C:\WINDOWS\temp\cpuz144\cpuz144_x64.sys [48984 2018-01-24] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [543184 2016-07-26] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2018-01-20] ()
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-01-11] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-24] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d37ca5c2cde53609\nvlddmkm.sys [17028552 2017-12-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-12-16] (NVIDIA Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-09-01] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-22 14:59 - 2018-01-22 19:09 - 000000000 ____D C:\AdwCleaner
2018-01-22 14:56 - 2018-01-22 19:12 - 000130077 _____ C:\Users\Josh\Desktop\Next Reply.txt
2018-01-22 14:35 - 2018-01-22 14:55 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-22 14:35 - 2018-01-22 14:35 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-22 14:35 - 2018-01-22 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-22 14:35 - 2018-01-22 14:35 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-21 17:47 - 2018-01-21 17:47 - 000001243 _____ C:\Users\Josh\Desktop\MBAM Log.txt
2018-01-20 04:50 - 2018-01-20 04:50 - 000000000 ____D C:\Users\Josh\Desktop\Rust Admin
2018-01-20 04:49 - 2018-01-24 14:31 - 000000000 ____D C:\Users\Josh\Desktop\AntiVirus
2018-01-20 04:47 - 2018-01-20 19:08 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-20 04:46 - 2018-01-24 14:31 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-20 04:46 - 2018-01-22 22:49 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-20 04:46 - 2018-01-22 22:48 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-20 04:20 - 2018-01-20 04:20 - 000000227 _____ C:\Users\Josh\Downloads\Pc Specs.txt
2018-01-20 04:18 - 2018-01-20 04:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7422C2DA.sys
2018-01-20 04:12 - 2018-01-22 22:48 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-20 04:05 - 2018-01-20 04:05 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\46126792.sys
2018-01-20 04:04 - 2018-01-20 04:30 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-20 04:04 - 2018-01-20 04:04 - 014161479 _____ C:\Users\Josh\Downloads\mbar-1.10.3.1001-nr.exe
2018-01-20 01:04 - 2018-01-20 01:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2018-01-19 23:17 - 2018-01-19 23:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2018-01-19 23:17 - 2018-01-19 23:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-01-19 23:05 - 2018-01-20 19:08 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-19 23:05 - 2018-01-20 04:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-19 23:05 - 2018-01-19 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-19 23:05 - 2018-01-19 23:05 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-19 23:04 - 2018-01-19 23:04 - 082574056 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3732.exe
2018-01-19 23:03 - 2018-01-19 23:03 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-01-19 23:02 - 2018-01-19 23:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-01-19 23:02 - 2018-01-19 23:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-01-19 23:02 - 2018-01-19 23:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-01-19 23:02 - 2018-01-19 23:04 - 000002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2018-01-19 23:02 - 2018-01-19 23:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2018-01-19 23:02 - 2018-01-19 23:02 - 000003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-01-19 23:02 - 2018-01-19 23:02 - 000002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-19 23:02 - 2018-01-19 23:02 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Corsair
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ASUS
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\Razer
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\DBG
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\Corsair
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-01-19 23:02 - 2018-01-19 23:02 - 000000000 ____D C:\Users\Administrator
2018-01-19 22:41 - 2018-01-19 22:41 - 082574056 _____ (Malwarebytes ) C:\Users\Josh\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3732.exe
2018-01-19 22:39 - 2018-01-19 22:40 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Josh\Downloads\rkill.exe
2018-01-19 22:11 - 2018-01-19 22:16 - 000061384 _____ C:\Users\Josh\Downloads\Addition.txt
2018-01-19 22:10 - 2018-01-19 22:16 - 000083175 _____ C:\Users\Josh\Downloads\FRST.txt
2018-01-19 22:00 - 2018-01-19 22:16 - 000000000 ____D C:\FRST
2018-01-19 19:54 - 2018-01-19 19:54 - 000000000 ____D C:\Users\Josh\AppData\Roaming\FiraxisLive
2018-01-16 12:00 - 2018-01-16 12:00 - 000000000 ____D C:\ProgramData\RzSurroundVAD_1.1.63.0
2018-01-16 10:57 - 2018-01-01 17:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-16 10:57 - 2018-01-01 12:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-16 10:57 - 2018-01-01 12:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-16 10:57 - 2018-01-01 12:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-16 10:57 - 2018-01-01 12:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-16 10:57 - 2018-01-01 12:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-16 10:57 - 2018-01-01 12:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-16 10:57 - 2018-01-01 12:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-16 10:57 - 2018-01-01 12:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-16 10:57 - 2018-01-01 12:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-16 10:57 - 2018-01-01 12:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-16 10:57 - 2018-01-01 12:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-16 10:57 - 2018-01-01 12:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-16 10:57 - 2018-01-01 12:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-16 10:57 - 2018-01-01 12:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-16 10:57 - 2018-01-01 12:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-16 10:57 - 2018-01-01 12:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-16 10:57 - 2018-01-01 12:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-16 10:57 - 2018-01-01 12:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-16 10:57 - 2018-01-01 12:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-16 10:57 - 2018-01-01 12:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-16 10:57 - 2018-01-01 12:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-16 10:57 - 2018-01-01 12:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-16 10:57 - 2018-01-01 12:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-16 10:57 - 2018-01-01 12:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-16 10:57 - 2018-01-01 12:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-16 10:57 - 2018-01-01 12:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-16 10:57 - 2018-01-01 12:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-16 10:57 - 2018-01-01 12:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-16 10:57 - 2018-01-01 12:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-16 10:57 - 2018-01-01 12:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-16 10:57 - 2018-01-01 12:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-16 10:57 - 2018-01-01 12:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-16 10:57 - 2018-01-01 12:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-16 10:57 - 2018-01-01 12:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-16 10:57 - 2018-01-01 12:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-16 10:57 - 2018-01-01 12:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-16 10:57 - 2018-01-01 12:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-16 10:57 - 2018-01-01 12:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-16 10:57 - 2018-01-01 12:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-16 10:57 - 2018-01-01 12:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-16 10:57 - 2018-01-01 12:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-16 10:57 - 2018-01-01 12:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-16 10:57 - 2018-01-01 12:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-16 10:57 - 2018-01-01 12:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-16 10:57 - 2018-01-01 12:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-16 10:57 - 2018-01-01 12:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-16 10:57 - 2018-01-01 12:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-16 10:57 - 2018-01-01 12:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-16 10:57 - 2018-01-01 12:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-16 10:57 - 2018-01-01 12:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-16 10:57 - 2018-01-01 12:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-16 10:57 - 2018-01-01 12:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-16 10:57 - 2018-01-01 12:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-16 10:57 - 2018-01-01 12:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-16 10:57 - 2018-01-01 12:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-16 10:57 - 2018-01-01 12:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-16 10:57 - 2018-01-01 12:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-16 10:57 - 2018-01-01 12:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-16 10:57 - 2018-01-01 12:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-16 10:57 - 2018-01-01 12:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-16 10:57 - 2018-01-01 12:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-16 10:57 - 2018-01-01 12:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-16 10:57 - 2018-01-01 12:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-16 10:57 - 2018-01-01 12:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-16 10:57 - 2018-01-01 12:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-16 10:57 - 2018-01-01 12:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-16 10:57 - 2018-01-01 12:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-16 10:57 - 2018-01-01 12:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-16 10:57 - 2018-01-01 12:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-16 10:57 - 2018-01-01 12:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-16 10:57 - 2018-01-01 12:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-16 10:57 - 2018-01-01 12:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-16 10:57 - 2018-01-01 12:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-16 10:57 - 2018-01-01 12:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-16 10:57 - 2018-01-01 12:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-16 10:57 - 2018-01-01 12:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-16 10:57 - 2018-01-01 12:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-16 10:57 - 2018-01-01 12:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-16 10:57 - 2018-01-01 12:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-16 10:57 - 2018-01-01 12:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-16 10:57 - 2018-01-01 12:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-16 10:57 - 2018-01-01 11:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-16 10:57 - 2018-01-01 11:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-16 10:57 - 2018-01-01 11:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-16 10:57 - 2018-01-01 11:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-16 10:57 - 2018-01-01 11:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-16 10:57 - 2018-01-01 11:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-16 10:57 - 2018-01-01 11:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-16 10:57 - 2018-01-01 11:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-16 10:57 - 2018-01-01 11:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-16 10:57 - 2018-01-01 11:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-16 10:57 - 2018-01-01 11:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-16 10:57 - 2018-01-01 11:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-16 10:57 - 2018-01-01 11:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-16 10:57 - 2018-01-01 11:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-16 10:57 - 2018-01-01 11:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-16 10:57 - 2018-01-01 11:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-16 10:57 - 2018-01-01 11:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-16 10:57 - 2018-01-01 11:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-16 10:57 - 2018-01-01 11:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-16 10:57 - 2018-01-01 11:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-16 10:57 - 2018-01-01 11:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-16 10:57 - 2018-01-01 11:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-16 10:57 - 2018-01-01 11:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-16 10:57 - 2018-01-01 11:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-16 10:57 - 2018-01-01 11:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-16 10:57 - 2018-01-01 11:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-16 10:57 - 2018-01-01 11:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-16 10:57 - 2018-01-01 11:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-16 10:57 - 2018-01-01 11:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-16 10:57 - 2018-01-01 11:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-16 10:57 - 2018-01-01 11:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-16 10:57 - 2018-01-01 11:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-16 10:57 - 2018-01-01 11:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-16 10:57 - 2018-01-01 11:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-16 10:57 - 2018-01-01 11:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-16 10:57 - 2018-01-01 11:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-16 10:57 - 2018-01-01 11:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-16 10:57 - 2018-01-01 11:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-16 10:57 - 2018-01-01 11:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-16 10:57 - 2018-01-01 11:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-16 10:57 - 2018-01-01 11:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-16 10:57 - 2018-01-01 11:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-16 10:57 - 2018-01-01 11:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-16 10:57 - 2018-01-01 11:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-16 10:57 - 2018-01-01 11:21 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-16 10:57 - 2018-01-01 11:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-16 10:57 - 2018-01-01 11:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-16 10:57 - 2018-01-01 11:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-16 10:57 - 2018-01-01 11:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-16 10:57 - 2018-01-01 11:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-16 10:57 - 2018-01-01 11:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-16 10:57 - 2018-01-01 11:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-16 10:57 - 2018-01-01 11:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-16 10:57 - 2018-01-01 11:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-16 10:57 - 2018-01-01 11:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-16 10:57 - 2018-01-01 11:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-16 10:57 - 2018-01-01 11:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-16 10:57 - 2018-01-01 11:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-16 10:57 - 2018-01-01 11:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-16 10:57 - 2018-01-01 11:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-16 10:57 - 2018-01-01 11:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-16 10:57 - 2018-01-01 11:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-16 10:57 - 2018-01-01 11:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-16 10:57 - 2018-01-01 11:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-16 10:57 - 2018-01-01 11:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-16 10:57 - 2018-01-01 11:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-16 10:57 - 2018-01-01 11:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-16 10:57 - 2018-01-01 11:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-16 10:57 - 2018-01-01 11:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-16 10:57 - 2018-01-01 11:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-16 10:57 - 2018-01-01 11:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-16 10:57 - 2018-01-01 11:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-16 10:57 - 2018-01-01 11:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-16 10:57 - 2018-01-01 11:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-16 10:57 - 2018-01-01 11:11 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-16 10:57 - 2018-01-01 11:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-16 10:57 - 2018-01-01 11:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-16 10:57 - 2018-01-01 11:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-16 10:57 - 2018-01-01 11:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-16 10:57 - 2018-01-01 11:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-16 10:57 - 2018-01-01 11:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-16 10:57 - 2018-01-01 11:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-16 10:57 - 2018-01-01 11:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-16 10:57 - 2018-01-01 11:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-16 10:57 - 2018-01-01 11:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-16 10:57 - 2018-01-01 11:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-16 10:57 - 2018-01-01 11:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-16 10:57 - 2018-01-01 11:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-16 10:57 - 2018-01-01 11:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-16 10:57 - 2018-01-01 11:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-16 10:57 - 2018-01-01 11:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-15 13:09 - 2018-01-15 13:09 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-01-15 13:04 - 2018-01-15 13:04 - 000007605 _____ C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
2018-01-09 03:38 - 2018-01-09 03:38 - 000251872 _____ (Razer inc) C:\WINDOWS\system32\DriverInstallCACMD.exe
2018-01-09 03:38 - 2018-01-09 03:38 - 000075744 _____ (Razer Inc) C:\WINDOWS\system32\DriverInstallCA.dll
2017-12-31 16:43 - 2017-12-31 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2017-12-31 16:42 - 2017-12-31 16:42 - 000000000 ____D C:\Program Files (x86)\Corsair
2017-12-29 23:05 - 2017-12-29 23:05 - 000000000 ____D C:\Users\Josh\AppData\Roaming\DS4Windows
2017-12-29 08:44 - 2017-12-29 08:44 - 000000000 ____D C:\Users\Josh\AppData\Local\TslGame
2017-12-28 21:52 - 2017-12-28 21:52 - 002211576 _____ C:\Users\Josh\Downloads\winrar-x64-550.exe
2017-12-28 21:52 - 2017-12-28 21:52 - 000000000 ____D C:\Users\Josh\AppData\Roaming\WinRAR
2017-12-28 21:52 - 2017-12-28 21:52 - 000000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-28 21:52 - 2017-12-28 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-28 21:52 - 2017-12-28 21:52 - 000000000 ____D C:\Program Files\WinRAR
2017-12-28 14:44 - 2017-12-28 14:44 - 000000000 ____D C:\Users\Josh\Documents\DyingLight
2017-12-28 12:56 - 2017-12-28 12:56 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-12-28 12:42 - 2017-12-28 12:42 - 000000000 ____D C:\Users\Josh\AppData\Local\ElevatedDiagnostics
2017-12-28 12:41 - 2017-12-28 12:41 - 000183220 _____ C:\Users\Josh\Downloads\Appsdiagnostic10.diagcab
2017-12-28 12:34 - 2017-12-28 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-12-28 09:38 - 2017-12-29 08:39 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-27 18:44 - 2017-12-27 18:44 - 000000000 ____D C:\Users\Josh\AppData\Local\My Games
2017-12-27 18:11 - 2017-12-27 18:11 - 000000000 ____D C:\Users\Josh\Documents\FIFA 15
2017-12-27 18:09 - 2017-12-27 18:09 - 000000000 ____D C:\Users\Josh\AppData\LocalLow\uTorrent
2017-12-27 18:01 - 2017-12-27 18:01 - 000000000 ____D C:\Users\Josh\Documents\Lucius
2017-12-27 17:38 - 2017-12-27 18:10 - 000000000 ____D C:\Users\Josh\AppData\Roaming\uTorrent
2017-12-27 15:21 - 2018-01-20 04:12 - 000000000 ___HD C:\ProgramData\21287q55855B44282H99998
2017-12-27 15:01 - 2017-12-27 15:01 - 001768110 _____ C:\Users\Josh\Downloads\IntelBurnTest.zip
2017-12-27 14:45 - 2017-12-27 14:49 - 054087560 _____ C:\Users\Josh\Downloads\aida64extreme595.zip
2017-12-27 14:41 - 2017-12-27 14:42 - 001243944 _____ (ALCPU ) C:\Users\Josh\Downloads\Core-Temp-setup (1).exe
2017-12-27 04:53 - 2017-12-27 04:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair LINK 4
2017-12-27 04:53 - 2017-12-27 04:53 - 000000000 ____D C:\Program Files (x86)\CorsairLink4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-24 14:31 - 2017-06-04 18:23 - 000000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2018-01-24 14:30 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-24 14:29 - 2017-09-29 13:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-24 14:29 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-24 14:29 - 2017-06-09 20:27 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-23 22:23 - 2017-06-04 15:20 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-23 21:23 - 2017-11-18 17:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-23 13:16 - 2017-11-18 17:26 - 001246998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-22 22:49 - 2017-12-17 13:01 - 000000000 ____D C:\Users\Josh\AppData\Roaming\Nitro
2018-01-22 22:48 - 2017-11-18 17:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-22 22:48 - 2017-09-29 08:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-22 19:32 - 2017-07-22 14:25 - 000000000 ____D C:\Users\Josh\AppData\Local\LOOT
2018-01-22 19:11 - 2017-06-10 18:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-22 19:09 - 2017-11-18 17:18 - 000000000 ____D C:\Users\Josh
2018-01-21 22:20 - 2017-07-01 12:34 - 000000000 ____D C:\Users\Josh\Documents\The Witcher 3
2018-01-21 22:20 - 2017-06-04 17:05 - 000000000 ____D C:\Users\Josh\Desktop\Games
2018-01-20 14:26 - 2017-06-04 15:44 - 000000000 ____D C:\ProgramData\CLink4
2018-01-20 04:50 - 2017-07-28 18:55 - 000000000 ____D C:\Users\Josh\Desktop\Mod Stuff
2018-01-19 23:18 - 2017-09-29 13:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-01-19 23:12 - 2017-06-04 14:58 - 000000000 ____D C:\Users\Josh\AppData\Local\CrashDumps
2018-01-19 23:06 - 2017-09-29 13:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-19 23:02 - 2017-06-04 14:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-19 22:58 - 2016-07-16 11:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-19 21:37 - 2017-06-04 17:18 - 000000000 ____D C:\Users\Josh\AppData\Roaming\discord
2018-01-19 19:54 - 2017-06-05 16:04 - 000000000 ____D C:\Users\Josh\Documents\My Games
2018-01-18 02:23 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-18 00:17 - 2017-11-06 22:35 - 000000000 ____D C:\Users\Josh\AppData\Roaming\Kodi
2018-01-18 00:03 - 2017-09-29 13:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-18 00:03 - 2017-06-17 11:42 - 000000000 ____D C:\ProgramData\Apple
2018-01-18 00:01 - 2017-06-17 11:43 - 000000000 ____D C:\Users\Josh\AppData\Roaming\Apple Computer
2018-01-17 23:59 - 2017-11-26 12:24 - 000000000 ____D C:\Users\Josh\AppData\Local\Deployment
2018-01-17 23:58 - 2017-09-05 15:02 - 000000000 ____D C:\Users\Josh\AppData\Local\New Technology Studio
2018-01-16 12:00 - 2017-06-04 18:23 - 000000000 _____ C:\WINDOWS\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2018-01-16 11:58 - 2017-11-18 17:37 - 000000000 ___RD C:\Users\Josh\3D Objects
2018-01-16 11:58 - 2017-11-18 17:17 - 000261432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-16 11:57 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-16 11:57 - 2017-09-29 08:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-16 11:00 - 2017-06-04 15:01 - 000000000 ___HD C:\ProgramData\52902q49011B33122H97779
2018-01-16 10:58 - 2017-09-29 13:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-16 10:58 - 2017-09-29 13:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-16 10:58 - 2017-09-29 13:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-13 17:01 - 2017-06-04 15:13 - 000000000 ____D C:\Users\Josh\AppData\Local\NVIDIA
2018-01-10 15:50 - 2017-11-18 17:20 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1221996817-3023876139-3523539557-1001
2018-01-10 15:50 - 2017-06-04 14:51 - 000002364 _____ C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-10 15:50 - 2017-06-04 14:51 - 000000000 __RDL C:\Users\Josh\OneDrive
2018-01-09 21:27 - 2017-06-04 21:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 21:25 - 2017-10-11 17:30 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 21:25 - 2017-06-04 21:54 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 21:17 - 2017-09-05 14:15 - 000000000 ____D C:\Users\Josh\AppData\Local\MyComGames
2018-01-09 19:20 - 2017-11-18 17:20 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 19:20 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 19:20 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-09 18:46 - 2017-06-04 17:18 - 000000000 ____D C:\Users\Josh\AppData\Local\Discord
2018-01-07 12:35 - 2017-06-04 14:49 - 000000000 ____D C:\Users\Josh\AppData\Local\VirtualStore
2018-01-07 12:26 - 2017-09-29 13:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-06 15:15 - 2017-06-04 15:21 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-29 08:45 - 2017-06-04 15:13 - 000000000 ____D C:\Users\Josh\AppData\Local\NVIDIA Corporation
2017-12-29 08:44 - 2017-09-02 18:13 - 000000000 ____D C:\Users\Josh\AppData\Local\UnrealEngine
2017-12-29 08:44 - 2017-06-04 15:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-28 12:35 - 2017-06-12 21:07 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-28 12:35 - 2017-06-12 21:07 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-28 12:34 - 2017-06-12 21:07 - 000000000 ____D C:\Users\Josh\Documents\Rockstar Games
2017-12-28 12:34 - 2017-06-12 21:07 - 000000000 ____D C:\Users\Josh\AppData\Local\Rockstar Games
2017-12-28 12:34 - 2017-06-04 15:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-28 10:49 - 2017-07-01 12:34 - 000000000 ____D C:\Users\Josh\ansel
2017-12-27 18:20 - 2017-06-15 22:02 - 000000000 ____D C:\Users\Josh\AppData\Local\Spotify
2017-12-27 18:19 - 2017-06-15 22:01 - 000000000 ____D C:\Users\Josh\AppData\Roaming\Spotify
2017-12-27 18:01 - 2017-06-23 15:57 - 000000000 ____D C:\Users\Josh\Documents\4A Games
2017-12-27 15:20 - 2017-06-04 14:58 - 030533688 _____ C:\Users\Josh\Downloads\KMS — Pico Activator [1].exe
2017-12-27 14:42 - 2017-06-04 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2017-12-27 14:42 - 2017-06-04 15:58 - 000000000 ____D C:\Program Files\Core Temp
 
==================== Files in the root of some directories =======
 
2017-07-15 15:03 - 2017-07-15 15:03 - 000728064 _____ () C:\Users\Josh\AppData\Local\file__0.localstorage
2018-01-15 13:04 - 2018-01-15 13:04 - 000007605 _____ () C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-01-21 19:52 - 2018-01-23 21:23 - 000000000 _____ () C:\Users\Josh\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-01-18 10:52 - 2018-01-23 21:23 - 000000017 _____ () C:\Users\Josh\AppData\Local\Temp\6fb3434a7c2cb29571963e41cc60a0ff.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-19 23:24
 
==================== End of FRST.txt ===========================
 
 
 
 
------------------------------------------------------------------------------------------------------------------------------------
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Josh (24-01-2018 14:32:00)
Running from C:\Users\Josh\Desktop\AntiVirus
Windows 10 Pro Version 1709 16299.192 (X64) (2017-11-18 17:37:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1221996817-3023876139-3523539557-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1221996817-3023876139-3523539557-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1221996817-3023876139-3523539557-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1221996817-3023876139-3523539557-501 - Limited - Disabled)
Josh (S-1-5-21-1221996817-3023876139-3523539557-1001 - Administrator - Enabled) => C:\Users\Josh
Snapp (S-1-5-21-1221996817-3023876139-3523539557-1003 - Limited - Disabled)
timco (S-1-5-21-1221996817-3023876139-3523539557-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1221996817-3023876139-3523539557-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AIDA64 Extreme v5.90 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.90 - FinalWire Ltd.)
ApoDispatchConfigurator (HKLM\...\{EE69F441-C3C7-4983-B995-7C1070F37832}) (Version: 3.0.001 - ASUSTeKcomputer.Inc) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Asus Sonic Radar 3 (HKLM-x32\...\{2ee41b62-6ea2-4a3d-8d26-9af8dd6e44fe}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc)
Asus Sonic Studio 3 (HKLM-x32\...\{8e66dfd3-6971-4019-b3f6-86492e809591}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc)
ASUS Xonar DSX Audio (HKLM-x32\...\{8FFA0EAF-5AFB-4492-B5F7-C56B03DF08DF}) (Version:   - )
AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.04.29 - ASUSTeK Computer Inc.)
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Corsair LINK 4 (HKLM-x32\...\{33e05e67-89c3-4514-8bf0-17b6329a8855}) (Version: 4.9.4.28 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{62BE14B0-C98C-47AC-8E02-E27402AADB82}) (Version: 4.9.4.28 - Corsair Components, Inc.) Hidden
Corsair Utility Engine (HKLM-x32\...\{016ED5C0-8A01-416B-9AC9-FE00EB01ACF1}) (Version: 2.21.67 - Corsair)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
DeviceRoutingConfigurator (HKLM\...\{75EBC822-7D61-4756-9CE4-E782383411C1}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc) Hidden
Discord (HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
EVGA Precision XOC (HKLM-x32\...\{F4B553F2-EEC4-4741-9A55-B12DDC0F79DC}) (Version: 6.1.6 - EVGA Corporation)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Network Connections 21.1.27.0 (HKLM\...\PROSetDX) (Version: 21.1.27.0 - Intel)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\Kodi) (Version:  - XBMC-Foundation)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
My.com Game Center (HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\MyComGames) (Version: 3.194 - My.com B.V.)
NahimicSettingsConfigurator (HKLM\...\{67BA90ED-106D-4AAE-BCFC-5A1AAB59B6D4}) (Version: 3.0.001 - ASUSTeKcomputer.Inc) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Nitro Pro (HKLM\...\{1DD58739-D7CC-497A-900C-64275F3DDC56}) (Version: 11.0.3.173 - Nitro) Hidden
Nitro Pro (HKLM-x32\...\{9f24780c-4a42-40b6-957e-7510d6dfec2a}) (Version: 11.0.3.173 - Nitro)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
ProductDaemonSetup (HKLM\...\{17A2D1AC-D9F5-4A46-A29E-75AAAA5E382D}) (Version: 3.0.001 - ASUSTeKcomputer.Inc) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10374 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.260 - Qualcomm Atheros)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 r2989 - Rainmeter)
RAPID Mode (HKLM\...\{4B94C023-022A-4271-A1D6-744ABE74D220}) (Version: 1.0.0.97 - Samsung Electronics Co., Ltd.) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.8.6 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.27 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
RogueKiller version 12.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.1.0 - Adlice Software)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
SonicMapperConfigurator (HKLM\...\{CFD55484-F461-4F43-AC89-36F24FD3E12A}) (Version: 3.0.0.35740 - ASUSTeKcomputer.Inc) Hidden
SonicRadar3Setup (HKLM\...\{92E53B84-6861-405B-B966-8AB20FB090EB}) (Version: 3.0.0.35740 - ASUSTeKcomputer.Inc) Hidden
SonicStudio3Setup (HKLM\...\{BE705BF9-EFB8-49AB-94B0-412E963DEEC7}) (Version: 3.0.0.35752 - ASUSTeKcomputer.Inc) Hidden
Spotify (HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\Spotify) (Version: 1.0.68.407.g6864aaaf - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.50c - Vostok Games)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
Unigine Superposition Benchmark 1.0 (HKLM\...\Superposition_is1) (Version: 1.0 - Unigine Corp.)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Waterfox 55.2.2 (x64 en-US) (HKLM\...\Waterfox 55.2.2 (x64 en-US)) (Version: 55.2.2 - Waterfox Ltd)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2017-03-09] (Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-15] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0886605E-58B4-4311-9FA4-04C84FA0257F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {293A5F14-5904-4A3D-9636-4EDDD04DA870} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-04] (Google Inc.)
Task: {2A709EB5-1985-4F18-844E-E3DC5B70405C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {3647C1F1-A6F8-4C1D-800F-641CDFDE193D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {457732D6-1E57-4F03-8100-011CB9768DDF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
Task: {4EEAAE41-297D-43C6-A52A-9F90D573FB5F} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [2016-08-26] ()
Task: {5AF6D706-0CEA-41FA-A106-5D90218A0BB4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
Task: {6544075C-C474-4582-9347-AE26F5CE272F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {690EAFA3-1686-4B1B-813E-C0A518B1CBA9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {6AB0AC3C-F836-42F2-8A06-42939DF93BFC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {6CE0A8DA-9424-41E5-BE30-95A396BCC912} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\Precision XOC\PrecisionX_x64.exe [2017-05-03] (EVGA Corp.)
Task: {7B51EFB1-49E7-45B1-BB80-27972B02C72E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] ()
Task: {8885AE5C-7DD3-4BC8-B60A-63AC0A66E77F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {B766E978-9D64-44A2-9C65-765AAAB6BA7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-04] (Google Inc.)
Task: {D1D7E753-DDDC-4BB6-868A-388032170183} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
Task: {DE5D245A-12C3-46EB-9C11-CF4D45AE9DAC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {DEFEB800-8746-472A-A9C3-39589BD1A4B3} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {E563CD32-8394-4118-A8D1-E49192F520D2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
Task: {EEC5BD5B-9B91-4F51-B71B-9F17B4C982D4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {F515B78F-35FE-41C5-840F-BC699C9683A9} - System32\Tasks\SS3Svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe [2016-08-26] ()
Task: {F6CA5806-E8C0-40C6-BF19-D31A99700BAB} - System32\Tasks\ASUS\AsRogAuraGpuDllServer => C:\Program Files (x86)\ASUS\AURA\AsRogAuraGpuDllServer.exe [2017-02-17] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Josh\Desktop\Programs\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-04 15:22 - 2014-04-24 06:29 - 001360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-09-05 13:43 - 2017-11-16 01:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-09 09:39 - 2017-03-09 09:39 - 000419016 _____ () c:\program files\nitro\pro 11\nitro_updateservice.exe
2017-03-09 09:39 - 2017-03-09 09:39 - 000320712 _____ () c:\program files\nitro\pro 11\Nitro_KissMetrics.dll
2017-06-04 15:38 - 2017-02-17 16:50 - 000933840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.03\atkexComSvc.exe
2017-07-19 23:09 - 2017-07-19 23:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2018-01-19 23:05 - 2018-01-20 19:08 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-19 23:05 - 2018-01-20 19:07 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 13:41 - 2017-09-29 13:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-04 15:38 - 2017-02-17 18:07 - 000247256 _____ () C:\Program Files (x86)\ASUS\AURA\AsRogAuraGpuDllServer.exe
2017-12-13 18:40 - 2017-11-26 12:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 18:40 - 2017-11-26 12:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-18 10:32 - 2018-01-18 10:33 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 10:32 - 2018-01-18 10:33 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 10:32 - 2018-01-18 10:33 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-06 15:17 - 2018-01-06 15:17 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-18 10:32 - 2018-01-18 10:33 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-06-04 15:24 - 2014-05-22 08:24 - 000096568 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2017-07-29 02:45 - 2017-07-29 02:45 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2018-01-06 15:15 - 2018-01-03 09:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 15:15 - 2018-01-03 09:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-11-18 10:51 - 2017-11-18 10:51 - 000975872 _____ () c:\windows\system32\FaceProcessor.dll
2017-11-18 10:51 - 2017-11-18 10:51 - 000269696 _____ () c:\windows\system32\FaceProcessorCore.dll
2017-09-29 13:41 - 2017-09-29 13:41 - 001357464 _____ () c:\windows\system32\FaceTrackerInternal.dll
2017-06-04 15:38 - 2017-02-17 16:50 - 001746432 _____ () C:\Program Files (x86)\ASUS\AURA\Vender.dll
2017-06-04 15:38 - 2017-02-17 16:50 - 000519680 _____ () C:\Program Files (x86)\ASUS\AURA\ClaymoreProtocol.dll
2017-06-04 15:38 - 2017-02-17 16:50 - 000519680 _____ () C:\Program Files (x86)\ASUS\AURA\RogNewmouseProtocol.dll
2017-06-04 15:38 - 2018-01-22 22:48 - 000044328 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.03\PEbiosinterface32.dll
2017-06-04 15:38 - 2017-02-17 16:50 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.03\ATKEX.dll
2016-09-14 19:25 - 2016-09-14 19:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-09-05 13:43 - 2017-11-16 01:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-05 13:43 - 2017-11-16 01:40 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-06-04 19:19 - 2012-06-06 08:56 - 000143360 ____N () C:\Program Files\ASUS Xonar DSX Audio\Customapp\VmixP8.dll
2017-05-22 10:13 - 2017-05-22 10:13 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-12-07 12:34 - 2017-12-07 12:34 - 000197120 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-12-07 12:26 - 2017-12-07 12:26 - 000044544 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2017-12-07 12:49 - 2017-12-07 12:49 - 000151040 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2017-12-07 12:26 - 2017-12-07 12:26 - 000097280 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2017-10-02 07:54 - 2017-10-02 07:54 - 000013312 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2017-10-02 07:54 - 2017-10-02 07:54 - 001950720 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2017-10-28 10:38 - 2017-04-13 17:58 - 050656768 _____ () C:\Users\Josh\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-10-28 10:38 - 2017-04-13 17:58 - 001874944 _____ () C:\Users\Josh\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2017-10-28 10:38 - 2017-04-13 17:58 - 000075264 _____ () C:\Users\Josh\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-12-28 21:30 - 2017-06-04 15:01 - 000013472 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 id.avast.com
127.0.0.1 v4618535.iavs9x.u.avast.com
127.0.0.1 v4618535.ivps9x.u.avast.com
127.0.0.1 v4618535.ivps9tiny.u.avast.com
127.0.0.1 v4618535.vpsnitro.u.avast.com
127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
127.0.0.1 v4618535.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
127.0.0.1 w9448963.iavs9x.u.avast.com
127.0.0.1 w9448963.ivps9x.u.avast.com
127.0.0.1 w9448963.ivps9tiny.u.avast.com
127.0.0.1 w9448963.vpsnitro.u.avast.com
127.0.0.1 w9448963.vpsnitrotiny.u.avast.com
127.0.0.1 w9448963.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
 
There are 332 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Josh\Desktop\Pictures\Green & Blue\radiance_sky_night_118994_1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Sonic Studio 3"
HKLM\...\StartupApproved\Run: => "Cmaudio8788GX64"
HKLM\...\StartupApproved\Run: => "Cmaudio8788GX"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_92FAC127B73B341DEBA48C3C3C08C1A5"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "gflauncher"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "MyComGames"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{43932D13-754B-4D66-9ECA-0F3B8D7AFDBC}C:\users\josh\desktop\rustadminrelease\rustadmin.exe] => (Allow) C:\users\josh\desktop\rustadminrelease\rustadmin.exe
FirewallRules: [TCP Query User{3D351631-2EDF-4627-A7BB-CA5D94DBB573}C:\users\josh\desktop\rustadminrelease\rustadmin.exe] => (Allow) C:\users\josh\desktop\rustadminrelease\rustadmin.exe
FirewallRules: [{0906C6D1-990D-40CB-BC47-F9C0826280B5}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{B178D139-0A61-4C18-AA4D-D0E187AC85D0}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{47879C99-F9B8-4D8D-B5B3-4AB709ECF173}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{7014A4CD-E5F3-4390-8A17-FB39D8C4C942}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{054CCB1A-AB37-47C7-9BBF-F2B2A5D928FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{693FCDEA-687A-48D0-95AA-155D5E13D3CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5BC97191-9BAC-4F3D-A1B2-3908B9A41E7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{0845A947-8F0A-4DAD-AAF3-3E2E8AF06719}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{42DA246D-0616-400A-979F-B6984F590152}] => (Allow) D:\SteamLibrary\steamapps\common\BRINK\brink.exe
FirewallRules: [{91E2F05E-9DFF-44F9-9412-7E3631829891}] => (Allow) D:\SteamLibrary\steamapps\common\BRINK\brink.exe
FirewallRules: [{9975E093-BD15-4649-821C-7BBBFA97D059}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\game\binaries\x86\survarium-2.exe
FirewallRules: [{160802B9-DA08-4815-B8F7-4BD715C8F99D}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\game\binaries\x86\survarium-2.exe
FirewallRules: [{167C2C8A-75D7-47C6-B0F3-6FCB28BE7B9C}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{99567BD9-26DE-4BB3-9E1D-32CF6AEA7B67}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{36115F94-6BC7-463C-B8BE-C6E9DA326F2E}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{3ECDB42E-38F3-4309-9B98-C5060676492E}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{7580BF25-F3CF-4B4A-B592-2618289C2B3D}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{ACAD52FA-A141-4876-A3B6-96F25A51C5FE}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{457D2D8C-87B6-4B15-9BB5-05E8A6A21828}] => (Allow) D:\SteamLibrary\steamapps\common\Survarium\temp\survarium_launcher.exe
FirewallRules: [UDP Query User{03FA34BD-FF92-4AFB-9FBE-D9BA5FC6F37C}C:\users\josh\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\josh\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{5ECCCFF9-6080-4213-90EA-AE8485EC620F}C:\users\josh\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\josh\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{A6341455-2CD7-44A7-941C-EA2AFCB70DE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1D33E46D-182A-4C4A-8358-A3E7F29EF36D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF643905-4EFF-4E98-945B-5CBFB6D895B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{34E679FD-6FA9-4441-A7B3-0AC9C45067D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{810445F5-67EC-4C56-BE5E-5D7856550291}D:\steamlibrary\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe] => (Allow) D:\steamlibrary\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe
FirewallRules: [TCP Query User{A572F5F2-40FC-4CF7-8847-C412D54A0A20}D:\steamlibrary\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe] => (Allow) D:\steamlibrary\steamapps\common\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe
FirewallRules: [{86CB5BD8-FE2A-4CB0-A2CB-99DD36042241}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{E91DB0B7-1E40-479A-8526-11ACA13F528D}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{2FAE49F6-B2D6-481B-9C0C-5F836D345C95}] => (Allow) D:\SteamLibrary\steamapps\common\Splinter Cell - Double Agent\SCDALauncher.exe
FirewallRules: [{EF9BA4E5-9364-4C5A-A0E5-6641D0B12FBC}] => (Allow) D:\SteamLibrary\steamapps\common\Splinter Cell - Double Agent\SCDALauncher.exe
FirewallRules: [UDP Query User{C5335D97-0B36-4E6A-A8E0-15F1DE0B78C4}D:\steamlibrary\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [TCP Query User{E6981626-FF61-4ABE-9125-2DE4BA856535}D:\steamlibrary\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [{7856CF5F-0DBE-4781-87CE-632C482C1678}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 4\dirt4.exe
FirewallRules: [{7016D34A-4EA9-4487-88E6-851E21F1CC26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 4\dirt4.exe
FirewallRules: [{E210FCCA-98B1-460E-ACC0-80E4F8F7238A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{E86668B4-0DE0-453E-82EC-A442D1E2A01F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{E46FC06F-9C62-4C4D-BA26-8A7CCA9CD72F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{11AAA497-9E95-4C83-B88A-A3B4B91EB2EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B5059AA6-0279-45D9-905B-DB288534D4A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B6D22178-B9A2-4392-B4D0-18A595DF85E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E0A4221B-2ADB-4547-85E5-FF7BF9ECF810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E4D874DD-F90E-49AF-B155-F0FD67271C67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{75BE1CE2-D675-4337-A693-81FAAB99BD2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{F9437635-2358-465F-885D-7A69CBAEF68E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B3E42955-997B-4837-9316-00F4B5412B2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{2D979558-F434-43E7-94CE-32400AB8F6DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6CC7D24C-1D4C-4C37-8FFA-0B1ADB78238D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{26A387E0-7C72-43F8-B0EF-044FFA4803EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8CA74494-7FC9-4C95-ACE7-C2E3DADBACC9}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{14DC843B-02D1-44DB-AEBA-BD980D54C9CE}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{AC870268-BB1B-4DAA-AAC3-2A2375DFEFB1}] => (Allow) D:\SteamLibrary\steamapps\common\Wildlands\GRW.exe
FirewallRules: [{8786884F-B992-4815-9450-C2D7235A4891}] => (Allow) D:\SteamLibrary\steamapps\common\Wildlands\GRW.exe
FirewallRules: [UDP Query User{7CF45583-BF06-44CD-9AD2-DB88172FFD15}D:\steamlibrary\steamapps\common\argo\argo_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\argo\argo_x64.exe
FirewallRules: [TCP Query User{ECD882B8-892E-4653-AD8C-D426ED00EC30}D:\steamlibrary\steamapps\common\argo\argo_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\argo\argo_x64.exe
FirewallRules: [{2CA050C6-A841-4FE1-B74A-270754938123}] => (Allow) D:\SteamLibrary\steamapps\common\Argo\argobattleye.exe
FirewallRules: [{2A840883-E6AD-490E-89D5-4F55D3B5243D}] => (Allow) D:\SteamLibrary\steamapps\common\Argo\argobattleye.exe
FirewallRules: [{9F9759E1-261C-44C6-ABFD-5263449C77BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{6B6B9C77-2530-496D-B7AC-BA13DB201C0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1CE9E399-6951-42E2-8941-5BEE49FA2EC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{6971CCE2-7443-4F84-BEB5-F3690A6D4095}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{1EFFD276-045E-455C-BEC0-4B6D4602105A}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{595E54AB-3EC9-4380-8B13-158434B2BE5A}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{9BFA7A82-A5D2-4BD9-9C8C-FACF5D342140}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe
FirewallRules: [{201C1DEC-2E5D-4075-8906-2BCB6E1A504A}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe
FirewallRules: [{DA3032FD-AE2E-42F4-BB42-D709AB204052}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe
FirewallRules: [{7232A877-1938-46BC-9BFF-C98821C5B50F}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe
FirewallRules: [UDP Query User{BAF2C8B2-A1E1-466B-9CF0-C52B8EC97823}C:\users\josh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{27957C57-8425-4E13-B0F1-679507CE01DA}C:\users\josh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3F2A6090-3D23-4948-9AF3-45410FF6193D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8AEB35EE-14B7-4A24-A049-07951704451C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{065062E0-379B-4BCF-BF07-1060EBC64873}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{38F34C60-3A74-4974-9776-02D4211113F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C7E16F48-7BE6-457D-A070-D32B14CA4792}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A43E6D13-577F-4ECF-8180-66820DE9E5AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{50AC72BF-73FE-4D76-B993-63617449CF0A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4C322354-6F04-4569-9FCD-FE7074C7AA5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1B89E291-0406-4590-BAA9-54DD8BEE572E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{67768785-9407-4DFA-9056-2BABB3137C33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9CFCA20D-AD5C-4A35-A897-687189F108AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3B08195B-00C6-4A01-A016-D921B901FA94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E63C7B1B-202A-4E92-8392-4F07E57F600A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{165C8593-5481-45EA-BFF9-89F8CA886E94}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2C8E634D-10DD-4982-9BD3-C79BEC3FB511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{BED621FC-61E9-4452-AD5A-4E2EDE880DE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{B2D278B9-9F1E-4114-B059-DC1826CA8EE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{9CAA1A62-F903-4DCA-840F-897D8B055B61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{4F4D2358-1CD0-4A01-98EE-C10F6DE9B49F}] => (Allow) C:\Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{84F217A7-76E5-4270-A314-FEDE19FC35E9}] => (Allow) C:\Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{CE82AA80-4718-4E79-AE25-C81970EE5211}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{910D8A83-AB97-4F60-9A56-0124E24A4F11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{2E65341A-E96C-456F-96F2-D0EEF755C44C}] => (Allow) E:\SteamLibrary\steamapps\common\Wolfenstein.II.The.New.Colossus\NewColossus_x64vk.exe
FirewallRules: [{F27A8BC5-F5C3-4BC2-B588-059041DE7E8D}] => (Allow) E:\SteamLibrary\steamapps\common\Wolfenstein.II.The.New.Colossus\NewColossus_x64vk.exe
FirewallRules: [{5D62227B-2954-43E7-858E-98B0786581E0}] => (Allow) E:\SteamLibrary\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{CF1EE462-C769-4796-AB9F-8ECD7AF32836}] => (Allow) E:\SteamLibrary\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{8ACEA46A-6867-4AEB-8D6F-258651CB22C4}] => (Allow) E:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{705EDFA4-3840-4887-BF91-E070BE79D1F8}] => (Allow) E:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D6822B72-DEB6-440E-904A-BFD1E7B9A079}] => (Allow) E:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{B43BE2CE-39B6-44A6-A6E2-3523B1AA4FB3}] => (Allow) E:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{783C6757-6600-412B-99DE-5E98B7FAB19D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{599EC02D-79D1-4867-A56F-5C8ECD7C6C0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{0473BF4B-A4A8-4280-AED1-D790BB30EF88}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{868E91C1-173A-43F8-8C5E-1E3134AD9A89}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{18E96426-D46D-4A7B-AEAB-57787B02BF97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{52E496D6-7F9C-43A9-AA8F-804AAFEDFF24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{6513094D-1072-478D-8C79-690915FF2A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{44594D53-04CF-4E8D-9AFF-9952E1BF8FE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{AF42084A-3322-43D3-B32B-11CEDE0D2DB7}] => (Allow) C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{218BB63D-52A9-4771-94CE-D145E4F88498}] => (Allow) C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D7AA902-29F7-44D8-AA2F-A520EF318344}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{65D28854-33B9-4BC4-B022-9DD362715246}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{97FBC4D9-DED2-4DE2-8F5A-C19BC142ADD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{68EC893D-41EC-4AA0-8917-E55B8758248A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{82717519-75CB-4CE3-B6F1-EF067EFCDD4B}] => (Allow) D:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{CFDA9594-3FF9-439D-A728-B6564275F85E}] => (Allow) D:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{138D3B1D-6664-40E6-88F6-B1A82386063E}] => (Allow) D:\SteamLibrary\steamapps\common\Lucius\Lucius.exe
FirewallRules: [{8CAB8F26-E24D-44C6-BA1E-4242C745DF0B}] => (Allow) D:\SteamLibrary\steamapps\common\Lucius\Lucius.exe
FirewallRules: [{D234CF43-8E96-477A-BD01-D93E4706F273}] => (Allow) D:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{C299116A-553D-4992-836B-F3A6A4DF5BE2}] => (Allow) D:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{0EB64884-F187-4F10-9F31-A77E36746B36}] => (Allow) D:\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{CFFD2CC9-948E-4AD5-AC2C-89A1EFDC7C4A}] => (Allow) D:\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{16B78A45-088E-4125-8E99-E78EB673E773}] => (Allow) D:\SteamLibrary\steamapps\common\Legends of Atlantis Exodus\Game_Atlantis.exe
FirewallRules: [{1AE218D9-F123-4E1D-B9E2-15A313F8A25B}] => (Allow) D:\SteamLibrary\steamapps\common\Legends of Atlantis Exodus\Game_Atlantis.exe
FirewallRules: [{D966DA9C-7C4C-4A4F-A4E4-CDC438F21E46}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{F656C7FC-C159-4254-8DDB-4E8044A13DA7}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{B033C8B1-D9BD-4C3F-A6EF-582929F7BBC0}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{29399746-4435-4FE6-B38E-A8AC9CC55C2F}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{FD14E110-AC6F-4AD1-844A-3BE9B21BD2DA}] => (Allow) D:\GTA5.exe
FirewallRules: [{F43264CC-A0D7-4EC6-9156-A34A9AC2F8CA}] => (Allow) D:\GTA5.exe
FirewallRules: [{EED41528-1C4E-4DEC-88F4-FE1936CFFB01}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5CF6E379-03F2-4AA7-AB92-C048221A72F7}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{A7513537-8B05-4615-AD79-FCD1E2F3110A}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{3AE8DAC1-2669-4914-8318-4FE78DDD4979}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{5E8676BC-F2F6-452C-AB27-B6FD4A309778}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4486920F-63E2-46D7-9D25-BEE3599AB1C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{9BBD9FE9-2DE8-4D3E-AD04-9BBE894FF6A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{EAFDC7B5-4154-4B11-A1E8-B31998D3E6E7}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{526242CE-3818-4FAC-900A-1E719968A059}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{2400D336-3C59-4898-8EF6-64BCF22436A6}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6BC719DF-C05E-4B40-9E9B-44FC4ABC2132}D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{2D1833B4-9136-457F-8075-B25AC89BCFB0}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{88F97B5C-29A9-4039-BDB2-51FB09F1FA3D}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{828FF879-A881-4983-841D-9C7EEB797448}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{0A921115-CBE1-4E4D-B745-D9E86A0C16E4}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{DBC9D5C0-AD24-4A35-9160-91735804D4CC}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{3C8D77FF-B0C4-41E1-8746-939B966A4DDF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{F0893873-9741-4071-8C43-F9C7781A0B71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F32A1F73-8138-4E28-AA92-060BD4036D53}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D72D1E3A-4F8A-44CB-A7EC-CB7E12937A17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5B5D8D38-E96C-49CA-961F-0C9314C99697}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7A7B4CD7-E2EC-4E71-9632-88D41D953940}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D736B730-932F-4264-B181-6CA121EB31DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E8DF43FC-3AFF-4BE3-8B6F-F11212176164}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1FDCB053-02C3-4A7B-B933-9BA6185148C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4D7ED018-A2BE-49C5-8E98-87A90E8F4A57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{7D874FA9-0236-45C5-AC16-A8F8223E2959}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{323B828E-623D-467B-8F3D-85A3F95F6185}] => (Allow) D:\SteamLibrary\steamapps\common\Wolfenstein.II.The.New.Colossus\NewColossus_x64vk.exe
FirewallRules: [{114E8FA5-2C2A-490F-8EE2-959F25518852}] => (Allow) D:\SteamLibrary\steamapps\common\Wolfenstein.II.The.New.Colossus\NewColossus_x64vk.exe
FirewallRules: [TCP Query User{C9276F55-E49C-4D34-8FAD-0225EB10122E}C:\users\josh\desktop\rust admin\rustadminrelease\rustadmin.exe] => (Allow) C:\users\josh\desktop\rust admin\rustadminrelease\rustadmin.exe
FirewallRules: [UDP Query User{A107296D-21EB-43EF-9DAC-76027A38BA46}C:\users\josh\desktop\rust admin\rustadminrelease\rustadmin.exe] => (Allow) C:\users\josh\desktop\rust admin\rustadminrelease\rustadmin.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/22/2018 02:50:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/22/2018 02:50:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/22/2018 02:50:49 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/22/2018 02:50:49 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/20/2018 04:11:57 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\SysWOW64\rundll32.exe  mbar.dll Start /z "C:\Users\Josh\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8004231f).
 
Error: (01/20/2018 04:11:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\SysWOW64\rundll32.exe  mbar.dll Start /z "C:\Users\Josh\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8004231f).
 
Error: (01/19/2018 11:12:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x38dc
Faulting application start time: 0x01d3917af6c480e4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 30141a6a-5265-42fd-820e-24e10d8de1a5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/19/2018 11:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x4180
Faulting application start time: 0x01d3917ada60e342
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 9f534192-9cf8-4eb8-820d-88ff78de4bf5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/19/2018 11:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x3514
Faulting application start time: 0x01d3917a52e1392e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 4904d286-849a-437e-b0b9-da4b36f05aed
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/19/2018 11:06:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x3768
Faulting application start time: 0x01d3917a1466e108
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: f29f7b20-1a95-4b66-8f1b-4dcaa7ececbe
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/24/2018 02:28:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RP2SKNQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-RP2SKNQ\Josh SID (S-1-5-21-1221996817-3023876139-3523539557-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/23/2018 10:23:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RP2SKNQ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-20 19:08:07.135
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-20 04:46:54.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:57:18.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:57:18.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:57:12.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:57:12.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:54:15.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:54:15.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:54:13.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-17 23:54:13.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 37%
Total physical RAM: 16314.71 MB
Available physical RAM: 10273.2 MB
Total Virtual: 22970.71 MB
Available Virtual: 15712.31 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.8 GB) (Free:4.36 GB) NTFS
Drive d: (Games) (Fixed) (Total:931.51 GB) (Free:541.79 GB) NTFS
Drive f: (Spare) (Fixed) (Total:465.76 GB) (Free:465.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C89A59B2)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C6A07561)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=481 MB) - (Type=27)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 21B45B1E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 PM

Posted 24 January 2018 - 09:40 AM

Almost done!

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Attached Files


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 c0up51er

c0up51er
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colwyn Bay
  • Local time:12:30 AM

Posted 24 January 2018 - 09:56 AM

I haven't had any issues with it at all after the first MBAR and MBAM tests we ran completed. :)

 

Fixlog.txt is listed below;

 

 

 

----------------------------------------------------------------

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Josh (24-01-2018 14:47:34) Run:2
Running from C:\Users\Josh\Desktop\AntiVirus
Loaded Profiles: Josh (Available Profiles: defaultuser0 & Josh & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://search.strtpoint.com/?c=5&v=insMac&t=1412&ap=209950001&r=0eced2d6edafe59000211ee1ded5dbf4","hxxp://www.google.com/","hxxps://encrypted.google.com"
 
Task: {3647C1F1-A6F8-4C1D-800F-641CDFDE193D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_92FAC127B73B341DEBA48C3C3C08C1A5"
 
C:\ProgramData\21287q55855B44282H99998
C:\ProgramData\52902q49011B33122H97779
C:\WINDOWS\system32\Drivers\7422C2DA.sys
C:\WINDOWS\system32\Drivers\46126792.sys
 
Hosts:
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc => key not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key not found
"Chrome StartupUrls" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3647C1F1-A6F8-4C1D-800F-641CDFDE193D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3647C1F1-A6F8-4C1D-800F-641CDFDE193D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
C:\Windows => ":nlsPreferences" ADS removed successfully
"HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_92FAC127B73B341DEBA48C3C3C08C1A5" => removed successfully
"HKU\S-1-5-21-1221996817-3023876139-3523539557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_92FAC127B73B341DEBA48C3C3C08C1A5" => not found
C:\ProgramData\21287q55855B44282H99998 => moved successfully
C:\ProgramData\52902q49011B33122H97779 => moved successfully
C:\WINDOWS\system32\Drivers\7422C2DA.sys => moved successfully
C:\WINDOWS\system32\Drivers\46126792.sys => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33067898 B
Java, Flash, Steam htmlcache => 23599148 B
Windows/system/drivers => 94114 B
Edge => 7667294 B
Chrome => 379575843 B
Firefox => 51784429 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 274593 B
systemprofile32 => 0 B
LocalService => 41822 B
NetworkService => 147456 B
defaultuser0 => 0 B
Josh => 580624898 B
Administrator => 22467559 B
 
RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:47:47 ====


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 PM

Posted 24 January 2018 - 01:25 PM

Awesome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and y5YE7At.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

AntivirusAntimalwareFirewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages);
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall;
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-RansomwareWeb Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 PM

Posted 27 January 2018 - 10:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users