
System32\cmd.exe keeps downloading virus in Temp folder



#1 Koussy


Posted 28 January 2018 - 04:11 PM

I have a problem in which system32\cmd.exe opens randomly and starts downloading a file to Appdata\Local\Temp, which is then caught and quarantined by EMSISoft antivirus. I have included screenshots of both these processes. I have tried all the possible antivirus programs I have seen on similar threads, but all of them come up clean and can't find the actual virus that is downloading the files.

 

Here is the FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Omar (administrator) on KOUSSY-ASUS (28-01-2018 15:51:59)
Running from C:\Users\Omar\Downloads
Loaded Profiles: Omar (Available Profiles: Omar)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\wksprt.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\UMonit64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Dropbox, Inc.) C:\Users\Omar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Users\Omar\Desktop\GwentUP\GwentUp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Dropbox, Inc.) C:\Users\Omar\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Omar\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Omar\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.188_none_16c3dcde323064d9\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8887688 2018-01-03] (Emsisoft Ltd)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2016-02-16] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-04] (Microsoft Corp.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [autodetect] => C:\Program Files (x86)\Mobinil USB modem\AutoDect.exe [129872 2010-11-24] ()
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [272200 2016-11-29] (SecureW2 B.V.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Run: [Dropbox Update] => C:\Users\Omar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd)
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Run: [Spotify] => C:\Users\Omar\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-10-24] (Spotify Ltd)
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Run: [Spotify Web Helper] => C:\Users\Omar\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-24] (Spotify Ltd)
Startup: C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-01-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-03-15]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 128.118.25.3 130.203.1.4 128.118.141.32 146.186.163.66 128.118.70.5 146.186.130.2
Tcpip\..\Interfaces\{48c8e745-cd71-4bc0-a245-360d0a4245f0}: [DhcpNameServer] 128.118.25.3 130.203.1.4 128.118.141.32 146.186.163.66 128.118.70.5 146.186.130.2
Tcpip\..\Interfaces\{8069b47a-21e7-4fe0-b096-d8d196451d38}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-05] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-05] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Omar\AppData\Roaming\Mozilla\Firefox\Profiles\pe73sb1j.default-1434943096913 [2018-01-26]
FF Extension: (Pray Times!) - C:\Users\Omar\AppData\Roaming\Mozilla\Firefox\Profiles\pe73sb1j.default-1434943096913\Extensions\azan-times@hamid.net.xpi [2018-01-26]
FF Extension: (Pioneer Enrollment) - C:\Users\Omar\AppData\Roaming\Mozilla\Firefox\Profiles\pe73sb1j.default-1434943096913\Extensions\pioneer-enrollment-study@mozilla.org.xpi [2018-01-26] [Legacy]
FF Extension: (RescueTime for Firefox) - C:\Users\Omar\AppData\Roaming\Mozilla\Firefox\Profiles\pe73sb1j.default-1434943096913\Extensions\rescuetime_firefox@rescuetime.com.xpi [2018-01-26]
FF Extension: (EPUBReader) - C:\Users\Omar\AppData\Roaming\Mozilla\Firefox\Profiles\pe73sb1j.default-1434943096913\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2018-01-26]
FF Extension: (LeechBlock) - C:\Users\Omar\AppData\Roaming\Mozilla\Firefox\Profiles\pe73sb1j.default-1434943096913\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2018-01-26] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Omar\AppData\Roaming\Mozilla\Firefox\Profiles\pe73sb1j.default-1434943096913\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-01-26]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll [2014-11-03] (Skype)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2183308590-3637135890-3914418578-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Omar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2183308590-3637135890-3914418578-1001: SkypePlugin -> C:\Users\Omar\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2183308590-3637135890-3914418578-1001: SkypePlugin64 -> C:\Users\Omar\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://www.tunnelbear.com
CHR DefaultSearchKeyword: Default -> hush
CHR Profile: C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default [2018-01-28]
CHR Extension: (Slides) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-16]
CHR Extension: (YouTube) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-16]
CHR Extension: (Honey) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-01-27]
CHR Extension: (Adblock Plus) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (uBlock Origin) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-01-18]
CHR Extension: (Block & Focus) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpbedhdekgkhigjgmlcbmcjoeaebbfm [2018-01-14]
CHR Extension: (Tampermonkey) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-16]
CHR Extension: (Block site) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-12-04]
CHR Extension: (Sheets) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-16]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-01-22]
CHR Extension: (Hush - private bookmarking) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2017-07-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-01-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-22]
CHR Extension: (Popup Blocker Pro) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2017-12-28]
CHR Extension: (Skype) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
CHR Extension: (Ghostery) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-01-11]
CHR Extension: (Wikibuy) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Cite This For Me: Web Citer) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnmhgkokpalnmbeighfomegjfkklkle [2017-04-16]
CHR Extension: (TunnelBear Inc.) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-11-18]
CHR Extension: (SpeakIt!) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2017-05-10]
CHR Extension: (Gmail) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]
CHR Extension: (Skype Calling) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2017-04-16]
CHR Profile: C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-29]
CHR Extension: (Google Translate) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-07-31]
CHR Extension: (Google Slides) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-31]
CHR Extension: (Google Docs) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-31]
CHR Extension: (Google Drive) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-31]
CHR Extension: (Thomson Reuters Eikon - Web Access) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgmffekcagmbjmhnpmnmeoabfnppcgeh [2017-07-31]
CHR Extension: (YouTube) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-31]
CHR Extension: (GeoGebra Math Apps) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2017-07-31]
CHR Extension: (HelloFax: 5 Free Fax Pages) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2017-07-31]
CHR Extension: (Pushbullet) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-07-31]
CHR Extension: (uBlock Origin) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-31]
CHR Extension: (Google Sheets) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-31]
CHR Extension: (Google Docs Offline) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-31]
CHR Extension: (Quora Upvotes) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hanbagoelhifoljgclgogadiimggibep [2017-07-31]
CHR Extension: (Delayed Gratification) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifhndomfnbmggdgodaicfebeggdphlcn [2017-07-31]
CHR Extension: (Imagus) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-07-31]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-31]
CHR Extension: (The Great Suspender) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-07-31]
CHR Extension: (Read Mode) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nagcaahojecfeopbghgihcabgiepploa [2017-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-31]
CHR Extension: (Gmail) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-31]
CHR Extension: (Chrome Media Router) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-31]
CHR Extension: (f*ck overlays) - C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppedokobpbdajgiejhnjfbdjlgobcpkp [2017-07-31]
CHR Profile: C:\Users\Omar\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9236912 2018-01-03] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
S4 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [345912 2014-08-29] (ASUSTeK)
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-04] (Microsoft Corp.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2017-01-18] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [532552 2018-01-18] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2017-12-15] (GOG.com)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-12-29] (SurfRight B.V.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-04] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155328 2017-12-19] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3025224 2017-12-19] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-04] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-19] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-12] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-12] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-11-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47160 2015-11-24] (Disc Soft Ltd)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [77992 2014-08-03] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-18] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2016-11-09] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_0aea393ee4d64d3d\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58680 2018-01-10] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2015-07-10] (Scarlet.Crush Productions)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-12] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-29] (Zemana Ltd.)
S3 ZTEusbmdm6k; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [123520 2011-03-26] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmea; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [123520 2011-03-26] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmeaext; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [123520 2011-03-26] (ZTE Incorporated) [File not signed]
S3 ZTEusbser6k; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [123520 2011-03-26] (ZTE Incorporated) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-28 15:51 - 2018-01-28 15:52 - 000038095 _____ C:\Users\Omar\Downloads\FRST.txt
2018-01-28 15:50 - 2018-01-28 15:50 - 002393088 _____ (Farbar) C:\Users\Omar\Downloads\FRST64.exe
2018-01-28 14:02 - 2018-01-28 14:02 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Academic Cloud Services (RADC)
2018-01-26 03:17 - 2018-01-26 03:17 - 000000718 _____ C:\Users\Omar\Desktop\Robot.txt
2018-01-26 03:01 - 2018-01-26 03:01 - 000000160 _____ C:\Users\Omar\Desktop\late.txt
2018-01-26 01:52 - 2018-01-26 01:52 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\70830465.sys
2018-01-26 01:52 - 2018-01-26 01:52 - 000075658 _____ C:\TDSSKiller.2.8.16.0_26.01.2018_01.52.00_log.txt
2018-01-26 00:34 - 2018-01-26 00:34 - 000001068 _____ C:\Users\Public\Desktop\R x64 3.4.3.lnk
2018-01-26 00:34 - 2018-01-26 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2018-01-26 00:33 - 2018-01-26 00:33 - 000000000 ____D C:\Program Files\R
2018-01-26 00:32 - 2018-01-26 00:32 - 082374679 _____ (R Core Team ) C:\Users\Omar\Downloads\R-3.4.3-win.exe
2018-01-25 20:18 - 2018-01-25 20:18 - 000000222 _____ C:\Users\Omar\Desktop\Stellaris.url
2018-01-25 20:11 - 2018-01-25 20:11 - 000677779 _____ C:\Users\Omar\Downloads\354295600-Probability-Statistics-With-R-for-Engineers-and-Scientists-1st-Edition-Akritas-Solutions-Manual.pdf
2018-01-25 19:53 - 2018-01-25 19:55 - 007449629 _____ C:\Users\Omar\Downloads\Michael Akritas-Probability & Statistics with R for Engineers and Scientists-Pearson (2015).pdf
2018-01-24 20:06 - 2018-01-24 20:06 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-24 12:17 - 2018-01-24 12:17 - 000010224 _____ C:\Users\Omar\Downloads\RFSC Lab Access 1-24.xlsx
2018-01-19 23:30 - 2018-01-19 23:30 - 000000354 _____ C:\Users\Omar\Desktop\quarantine.txt
2018-01-19 23:24 - 2017-12-22 08:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-19 23:24 - 2017-12-22 08:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-19 22:52 - 2018-01-19 23:22 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-19 22:52 - 2018-01-19 22:52 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-19 22:52 - 2018-01-19 22:52 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-19 22:52 - 2018-01-19 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-19 22:52 - 2018-01-19 22:52 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-19 22:36 - 2018-01-28 15:51 - 000000000 ____D C:\FRST
2018-01-19 17:06 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-19 17:06 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-19 17:06 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-19 17:06 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-19 17:06 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-19 17:06 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-19 17:06 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-19 17:06 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-19 17:06 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-19 17:06 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-19 17:06 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-19 17:06 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-19 17:06 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-19 17:06 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-19 17:06 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-19 17:06 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-19 17:06 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-19 17:06 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-19 17:06 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-19 17:06 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-19 17:06 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-19 17:06 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-19 17:06 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-19 17:06 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-19 17:06 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-19 17:06 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-19 17:06 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-19 17:06 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-19 17:06 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-19 17:06 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-19 17:06 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-19 17:06 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-19 17:06 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-19 17:06 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-19 17:06 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-19 17:06 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-19 17:06 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-19 17:06 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-19 17:06 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-19 17:06 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-19 17:06 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-19 17:06 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-19 17:06 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-19 17:06 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-19 17:06 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-19 17:06 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-19 17:06 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-19 17:06 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-19 17:06 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-19 17:06 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-19 17:06 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-19 17:06 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-19 17:06 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-19 17:06 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-19 17:06 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-19 17:06 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-19 17:06 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-19 17:06 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-19 17:06 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-19 17:06 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-19 17:06 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-19 17:06 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-19 17:06 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-19 17:06 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-19 17:06 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-19 17:06 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-19 17:06 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-19 17:06 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-19 17:06 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-19 17:06 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-19 17:06 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-19 17:06 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-19 17:06 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-19 17:06 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-19 17:06 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-19 17:06 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-19 17:06 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-19 17:06 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-19 17:06 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-19 17:06 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-19 17:06 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-19 17:06 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-19 17:06 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-19 17:06 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-19 17:06 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-19 17:06 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-19 17:06 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-19 17:06 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-19 17:06 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-19 17:06 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-19 17:06 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-19 17:06 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-19 17:06 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-19 17:06 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-19 17:06 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-19 17:06 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-19 17:06 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-19 17:06 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-19 17:06 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-19 17:06 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-19 17:06 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-19 17:06 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-19 17:06 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-19 17:06 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-19 17:06 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-19 17:06 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-19 17:06 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-19 17:06 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-19 17:06 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-19 17:06 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-19 17:06 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-19 17:06 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-19 17:06 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-19 17:06 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-19 17:06 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-19 17:06 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-19 17:06 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-19 17:06 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-19 17:06 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-19 17:06 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-19 17:06 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-19 17:06 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-19 17:06 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-19 17:06 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-19 17:06 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-19 17:06 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-19 17:06 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-19 17:06 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-19 17:06 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-19 17:06 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-19 17:06 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-19 17:06 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-19 17:06 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-19 17:06 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-19 17:06 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-19 17:06 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-19 17:06 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-19 17:06 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-19 17:06 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-19 17:06 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-19 17:06 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-19 17:06 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-19 17:06 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-19 17:06 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-19 17:06 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-19 17:06 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-19 17:06 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-19 17:06 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-19 17:06 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-19 17:06 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-19 17:06 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-19 17:06 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-19 17:06 - 2018-01-01 06:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-19 17:06 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-19 17:06 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-19 17:06 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-01-19 17:06 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-19 17:06 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-01-19 17:06 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-01-19 17:06 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-01-19 17:06 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-01-19 17:06 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-01-19 17:06 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-01-19 17:06 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-01-19 17:06 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-01-19 17:06 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-01-19 17:06 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-01-19 17:06 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-01-19 17:06 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-19 17:06 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-01-19 17:06 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-01-19 17:06 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-01-19 17:06 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-01-19 17:06 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-01-19 17:06 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-01-19 17:06 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-01-19 17:06 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-01-19 17:06 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-01-19 17:06 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-19 17:06 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-01-19 17:06 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-01-19 17:06 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-01-19 17:06 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-01-19 17:06 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-01-19 17:06 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-01-19 17:06 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-01-19 17:06 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-01-19 17:06 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-01-19 17:06 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-01-19 17:06 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-01-19 17:06 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-01-19 17:06 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-01-19 17:06 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-01-19 17:06 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-01-19 17:06 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-01-19 17:06 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-01-19 17:06 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-01-19 17:06 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-01-19 17:06 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-01-19 17:06 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-01-19 17:06 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-01-19 17:06 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-01-19 17:06 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-19 17:06 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-19 17:06 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-01-19 17:06 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-01-19 17:06 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-01-19 17:06 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-19 17:06 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-01-19 17:06 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-01-19 17:06 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-19 17:06 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-19 17:06 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-01-19 17:06 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-01-19 17:06 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-01-19 17:06 - 2017-11-26 15:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-19 17:06 - 2017-11-26 15:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-19 17:06 - 2017-11-26 15:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-01-19 17:06 - 2017-11-26 11:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-01-19 17:06 - 2017-11-26 08:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-01-19 17:06 - 2017-11-26 08:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-01-19 17:06 - 2017-11-26 08:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-01-19 17:06 - 2017-11-26 08:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-19 17:06 - 2017-11-26 08:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-01-19 17:06 - 2017-11-26 08:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-01-19 17:06 - 2017-11-26 08:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-19 17:06 - 2017-11-26 08:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-01-19 17:06 - 2017-11-26 08:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-01-19 17:06 - 2017-11-26 08:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-01-19 17:06 - 2017-11-26 08:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-01-19 17:06 - 2017-11-26 08:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-01-19 17:06 - 2017-11-26 08:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-01-19 17:06 - 2017-11-26 08:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-01-19 17:06 - 2017-11-26 08:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-01-19 17:06 - 2017-11-26 08:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-01-19 17:06 - 2017-11-26 08:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-01-19 17:06 - 2017-11-26 08:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-19 17:06 - 2017-11-26 08:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-01-19 17:06 - 2017-11-26 08:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-01-19 17:06 - 2017-11-26 08:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-19 17:06 - 2017-11-26 08:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-19 17:06 - 2017-11-26 08:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-19 17:06 - 2017-11-26 08:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-01-19 17:06 - 2017-11-26 08:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-01-19 17:06 - 2017-11-26 08:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-01-19 17:06 - 2017-11-26 08:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-01-19 17:06 - 2017-11-26 08:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-01-19 17:06 - 2017-11-26 08:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-01-19 17:06 - 2017-11-26 08:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-01-19 17:06 - 2017-11-26 07:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-19 17:06 - 2017-11-26 07:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-01-19 17:06 - 2017-11-26 07:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-01-19 17:06 - 2017-11-26 07:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-19 17:06 - 2017-11-26 07:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-01-19 17:06 - 2017-11-26 07:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-01-19 17:06 - 2017-11-26 07:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-19 17:06 - 2017-11-26 07:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-01-19 17:06 - 2017-11-26 07:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-01-19 17:06 - 2017-11-26 07:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-01-19 17:06 - 2017-11-26 07:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-01-19 17:06 - 2017-11-26 07:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-01-19 17:06 - 2017-11-26 07:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-01-19 17:06 - 2017-11-26 07:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-01-19 17:06 - 2017-11-26 07:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-01-19 17:06 - 2017-11-26 07:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-19 17:06 - 2017-11-26 07:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-01-19 17:06 - 2017-11-26 07:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-01-19 17:06 - 2017-11-26 07:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-01-19 17:06 - 2017-11-26 07:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-01-19 17:06 - 2017-11-26 07:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-01-19 17:06 - 2017-11-26 07:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-01-19 17:06 - 2017-11-26 07:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-01-19 17:06 - 2017-11-26 07:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-01-19 17:06 - 2017-11-26 07:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-01-19 17:06 - 2017-11-26 07:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-19 17:06 - 2017-11-26 07:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-01-19 17:06 - 2017-11-26 07:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-01-19 17:06 - 2017-11-26 07:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-01-19 17:06 - 2017-11-26 07:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-19 17:06 - 2017-11-26 07:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-01-19 17:06 - 2017-11-26 07:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-19 17:06 - 2017-11-26 07:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-01-19 17:06 - 2017-11-26 07:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-01-19 17:06 - 2017-11-26 07:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-01-19 17:06 - 2017-11-26 07:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-19 17:06 - 2017-11-26 07:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-01-19 17:06 - 2017-11-26 07:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-19 17:06 - 2017-11-26 07:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-01-19 17:06 - 2017-11-26 06:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-19 17:06 - 2017-11-26 06:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-19 17:06 - 2017-11-26 06:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-01-19 17:06 - 2017-11-26 06:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-01-19 17:06 - 2017-11-26 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-01-19 17:06 - 2017-11-26 06:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-01-19 17:06 - 2017-11-26 06:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-01-19 17:06 - 2017-11-26 06:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-01-19 17:06 - 2017-11-26 06:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-01-19 17:06 - 2017-11-26 06:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-01-19 17:06 - 2017-11-26 06:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-01-19 17:06 - 2017-11-26 06:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-01-19 17:06 - 2017-11-26 06:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-01-19 17:06 - 2017-11-26 06:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-01-19 17:06 - 2017-11-26 06:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-19 17:06 - 2017-11-26 06:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-19 17:06 - 2017-11-26 05:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-01-19 17:06 - 2017-11-26 05:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-01-19 17:06 - 2017-11-26 05:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-01-19 17:06 - 2017-11-26 05:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-01-19 17:06 - 2017-11-26 05:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-01-19 17:06 - 2017-11-26 05:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-01-19 17:06 - 2017-11-26 05:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-01-19 17:06 - 2017-11-26 05:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-01-19 17:06 - 2017-11-26 05:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-01-19 17:06 - 2017-11-26 05:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-01-19 17:06 - 2017-11-26 05:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-01-19 17:06 - 2017-11-26 05:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-01-19 17:06 - 2017-11-26 05:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-01-19 17:06 - 2017-11-26 05:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-01-19 17:06 - 2017-11-26 05:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-01-19 17:06 - 2017-11-26 05:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-01-19 17:06 - 2017-11-26 05:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-01-19 17:06 - 2017-11-26 05:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-01-19 17:06 - 2017-11-26 05:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-01-19 17:06 - 2017-11-26 05:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-01-19 17:06 - 2017-11-26 05:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-19 17:06 - 2017-11-26 05:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-19 17:06 - 2017-11-26 05:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-01-19 17:06 - 2017-11-26 05:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-01-19 17:06 - 2017-11-19 02:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-19 17:06 - 2017-11-18 21:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-19 17:06 - 2017-10-25 04:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-01-19 17:06 - 2017-10-24 23:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-01-19 17:06 - 2017-10-24 23:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-01-19 17:06 - 2017-10-24 23:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-01-19 17:06 - 2017-10-24 23:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-01-19 17:06 - 2017-10-24 23:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-01-19 17:06 - 2017-10-24 23:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-01-19 17:06 - 2017-10-24 23:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-01-19 17:06 - 2017-10-24 23:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-01-19 17:06 - 2017-10-24 23:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-01-19 17:06 - 2017-10-24 23:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-01-19 17:06 - 2017-10-24 23:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-01-19 17:06 - 2017-10-24 23:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-01-19 17:06 - 2017-10-24 22:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-01-19 17:06 - 2017-10-24 22:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-01-19 17:06 - 2017-10-24 22:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-01-19 17:06 - 2017-10-24 22:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-01-19 17:06 - 2017-10-24 22:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-01-19 17:06 - 2017-10-24 22:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-01-19 17:06 - 2017-10-24 22:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-01-19 17:06 - 2017-10-24 22:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-01-19 17:06 - 2017-10-24 22:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-01-19 17:06 - 2017-10-24 22:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-01-19 17:06 - 2017-10-24 22:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-01-19 17:06 - 2017-10-24 22:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-01-19 17:06 - 2017-10-24 22:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-01-19 17:06 - 2017-10-24 22:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-01-19 17:06 - 2017-10-24 22:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-01-19 17:06 - 2017-10-24 22:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2018-01-19 17:06 - 2017-10-24 22:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-01-19 17:06 - 2017-10-24 22:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-01-19 17:06 - 2017-10-24 22:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-01-19 17:06 - 2017-10-24 21:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-01-19 17:06 - 2017-10-20 00:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-01-19 17:06 - 2017-10-10 02:11 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-01-19 17:06 - 2017-10-10 01:54 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-01-19 17:06 - 2017-10-10 01:49 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-01-19 17:06 - 2017-10-10 01:49 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-01-19 17:06 - 2017-10-10 01:43 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-01-19 17:06 - 2017-10-10 01:31 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-01-19 17:06 - 2017-10-10 01:11 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-01-19 17:06 - 2017-10-10 01:07 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-01-19 17:06 - 2017-10-10 01:06 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-01-19 17:06 - 2017-10-10 00:43 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-01-19 17:06 - 2017-10-10 00:42 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-01-19 17:06 - 2017-10-10 00:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-01-19 17:06 - 2017-10-10 00:33 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-01-19 17:06 - 2017-10-10 00:31 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-01-19 17:06 - 2017-10-10 00:30 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-01-19 17:06 - 2017-10-10 00:24 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-01-19 17:05 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-19 17:05 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-19 17:05 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-19 17:05 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-19 17:05 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-19 17:05 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-19 17:05 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-19 17:05 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-19 17:05 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-19 17:05 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-19 17:05 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-19 17:05 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-19 17:05 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-19 17:05 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-19 17:05 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-19 17:05 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-19 17:05 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-19 17:05 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-19 17:05 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-19 17:05 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-19 17:05 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-19 17:05 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-19 17:05 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-19 17:05 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-19 17:05 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-19 17:05 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-19 17:05 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-19 17:05 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-19 17:05 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-19 17:05 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-19 17:05 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-19 17:05 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-19 17:05 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-19 17:05 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-19 17:05 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-19 17:05 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-19 17:05 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-19 17:05 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-19 17:05 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-19 17:05 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-19 17:05 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-19 17:05 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-19 17:05 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-19 17:05 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-01-19 17:05 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-01-19 17:05 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-01-19 17:05 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-01-19 17:05 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-01-19 17:05 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-01-19 17:05 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-19 17:05 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-01-19 17:05 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-01-19 17:05 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-01-19 17:05 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-01-19 17:05 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-19 17:05 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-01-19 17:05 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-01-19 17:05 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-19 17:05 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-01-19 17:05 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-19 17:05 - 2017-11-26 07:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-01-19 17:05 - 2017-11-26 07:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-19 17:05 - 2017-11-26 07:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-19 17:05 - 2017-11-26 07:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-01-19 17:05 - 2017-11-26 07:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-19 17:05 - 2017-11-26 05:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-19 17:05 - 2017-11-26 05:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-01-19 17:05 - 2017-11-26 05:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-01-19 17:05 - 2017-10-24 22:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-01-19 17:05 - 2017-10-24 22:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-01-19 17:05 - 2017-10-24 22:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-01-19 17:05 - 2017-10-24 22:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-01-19 17:05 - 2017-10-24 21:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-01-19 17:05 - 2017-10-10 00:43 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-01-19 17:05 - 2017-10-10 00:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-01-19 17:05 - 2017-10-10 00:34 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-01-19 17:05 - 2017-10-10 00:31 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-01-19 17:05 - 2017-10-03 17:42 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-01-19 17:05 - 2017-10-03 17:42 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-01-18 13:09 - 2018-01-18 13:12 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-01-18 13:09 - 2018-01-18 13:09 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-18 13:09 - 2018-01-18 13:09 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-18 13:08 - 2018-01-18 13:08 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-01-18 13:08 - 2018-01-18 13:08 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-01-18 13:08 - 2018-01-18 13:08 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-01-18 13:08 - 2018-01-18 13:08 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-01-18 13:08 - 2018-01-18 13:08 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-01-18 13:08 - 2018-01-18 13:08 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-01-18 13:08 - 2018-01-18 13:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-01-18 13:08 - 2018-01-18 13:08 - 000000000 ____D C:\Program Files\MSBuild
2018-01-18 13:08 - 2018-01-18 13:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-01-18 13:08 - 2018-01-18 13:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-18 10:38 - 2018-01-25 19:40 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-01-18 10:38 - 2018-01-18 10:38 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-01-18 10:25 - 2018-01-19 23:32 - 000924998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-18 10:24 - 2018-01-18 10:24 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-18 10:23 - 2018-01-19 23:25 - 000000000 ___RD C:\Users\Omar\3D Objects
2018-01-18 10:23 - 2018-01-18 10:23 - 000000000 ___HD C:\Users\Omar\MicrosoftEdgeBackups
2018-01-18 10:22 - 2018-01-18 10:22 - 000000020 ___SH C:\Users\Omar\ntuser.ini
2018-01-18 10:22 - 2018-01-18 10:22 - 000000000 ____D C:\ProgramData\USOShared
2018-01-18 10:21 - 2018-01-18 10:21 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-01-18 10:21 - 2018-01-18 10:21 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-01-18 10:21 - 2018-01-18 10:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-18 10:20 - 2018-01-28 14:29 - 000003316 _____ C:\WINDOWS\System32\Tasks\dUNOaJnOOY
2018-01-18 10:20 - 2018-01-28 13:54 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-01-18 10:20 - 2018-01-28 13:54 - 000003538 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-01-18 10:20 - 2018-01-19 23:29 - 000003576 _____ C:\WINDOWS\System32\Tasks\EicacicmPaYO
2018-01-18 10:20 - 2018-01-19 23:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-18 10:20 - 2018-01-18 10:26 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:26 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:25 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:25 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:25 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:25 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:25 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:25 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 10:20 - 2018-01-18 10:20 - 000003648 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2183308590-3637135890-3914418578-1001UA1d236d1a63d66c7
2018-01-18 10:20 - 2018-01-18 10:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-01-18 10:20 - 2018-01-18 10:20 - 000003380 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2183308590-3637135890-3914418578-1001Core1d236d1a6383489
2018-01-18 10:20 - 2018-01-18 10:20 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-18 10:20 - 2018-01-18 10:20 - 000003300 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1153AFDB-14F2-4CA5-B060-AD145AFCE35D}
2018-01-18 10:20 - 2018-01-18 10:20 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-01-18 10:20 - 2018-01-18 10:20 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-18 10:20 - 2018-01-18 10:20 - 000002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2018-01-18 10:20 - 2018-01-18 10:20 - 000002950 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2018-01-18 10:20 - 2018-01-18 10:20 - 000002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2183308590-3637135890-3914418578-1001
2018-01-18 10:20 - 2018-01-18 10:20 - 000002886 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-18 10:20 - 2018-01-18 10:20 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2183308590-3637135890-3914418578-1001
2018-01-18 10:20 - 2018-01-18 10:20 - 000002684 _____ C:\WINDOWS\System32\Tasks\IOvpA
2018-01-18 10:20 - 2018-01-18 10:20 - 000002540 _____ C:\WINDOWS\System32\Tasks\Gaming Center
2018-01-18 10:20 - 2018-01-18 10:20 - 000002496 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2018-01-18 10:20 - 2018-01-18 10:20 - 000002420 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2018-01-18 10:20 - 2018-01-18 10:20 - 000002404 _____ C:\WINDOWS\System32\Tasks\UMonitor Task
2018-01-18 10:20 - 2018-01-18 10:20 - 000002394 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2018-01-18 10:20 - 2018-01-18 10:20 - 000002392 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2018-01-18 10:20 - 2018-01-18 10:20 - 000002378 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2018-01-18 10:20 - 2018-01-18 10:20 - 000002376 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2018-01-18 10:20 - 2018-01-18 10:20 - 000002372 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2018-01-18 10:20 - 2018-01-18 10:20 - 000002316 _____ C:\WINDOWS\System32\Tasks\SecureW2 Task
2018-01-18 10:20 - 2018-01-18 10:20 - 000002250 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2018-01-18 10:20 - 2018-01-18 10:20 - 000002236 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-18 10:20 - 2018-01-18 10:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-01-18 10:20 - 2018-01-18 10:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2183308590-3637135890-3914418578-1001
2018-01-18 10:20 - 2018-01-18 10:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2018-01-18 10:20 - 2018-01-18 10:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-01-18 10:20 - 2018-01-18 10:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-01-18 10:18 - 2018-01-18 10:18 - 000000000 ____D C:\ProgramData\Apple
2018-01-18 10:17 - 2018-01-18 10:17 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-01-18 10:16 - 2018-01-24 13:29 - 000000000 ____D C:\Users\Omar\AppData\Local\Packages
2018-01-18 10:16 - 2018-01-20 00:19 - 000000000 ____D C:\Users\Omar
2018-01-18 10:16 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-18 10:15 - 2018-01-18 10:15 - 000001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudio.lnk
2018-01-18 10:15 - 2018-01-18 10:15 - 000001283 _____ C:\Users\Public\Desktop\Waves MaxxAudio.lnk
2018-01-18 10:14 - 2018-01-28 13:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-18 10:14 - 2018-01-19 23:24 - 000467768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-18 09:30 - 2018-01-18 09:32 - 000144144 _____ C:\TDSSKiller.2.8.16.0_18.01.2018_09.30.10_log.txt
2018-01-18 09:30 - 2018-01-18 09:30 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\75159876.sys
2018-01-15 16:17 - 2018-01-26 01:40 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-12 12:42 - 2018-01-12 12:42 - 000000000 ____D C:\Users\Omar\AppData\Roaming\SmartSteamEmu
2018-01-12 12:39 - 2018-01-12 12:39 - 000000000 ____D C:\Users\Omar\AppData\LocalLow\OsmoticStudios
2018-01-12 05:16 - 2018-01-12 05:26 - 000000000 ____D C:\Program Files\rempl
2018-01-11 05:37 - 2018-01-11 05:38 - 000078042 _____ C:\TDSSKiller.2.8.16.0_11.01.2018_05.37.25_log.txt
2018-01-11 05:37 - 2018-01-11 05:37 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\73617391.sys
2018-01-11 04:39 - 2018-01-18 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-01-11 04:38 - 2018-01-28 15:51 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-01-11 04:25 - 2018-01-11 04:41 - 000000000 ____D C:\ProgramData\Emsisoft
2018-01-11 04:24 - 2018-01-24 12:30 - 000000000 ____D C:\EEK
2018-01-10 06:22 - 2018-01-10 06:22 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\48749586.sys
2018-01-10 06:22 - 2018-01-10 06:22 - 000078420 _____ C:\TDSSKiller.2.8.16.0_10.01.2018_06.22.16_log.txt
2018-01-09 16:37 - 2018-01-18 13:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-01-09 16:35 - 2018-01-03 20:44 - 040269624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 035179080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 019796520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 013430632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 012843496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 011015584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 010900432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 004580320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 004306736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 003893792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 003707888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001975184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439065.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001674544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439065.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001334624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001134952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001125960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001053768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001049296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000988656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000938896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000740336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000616248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000599536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-01-09 16:35 - 2018-01-03 20:44 - 000048282 _____ C:\WINDOWS\system32\nvinfo.pb
2018-01-09 16:29 - 2018-01-19 22:42 - 000000681 _____ C:\Users\Omar\Desktop\JRT.txt
2018-01-09 16:26 - 2018-01-09 16:26 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\80640341.sys
2018-01-09 16:26 - 2018-01-09 16:26 - 000148526 _____ C:\TDSSKiller.2.8.16.0_09.01.2018_16.26.00_log.txt
2018-01-09 15:50 - 2018-01-18 09:28 - 000000906 _____ C:\Users\Omar\Desktop\Rkill.txt
2018-01-09 15:49 - 2018-01-19 22:42 - 000000000 ____D C:\Users\Omar\Desktop\Antimalware
2018-01-09 13:54 - 2018-01-09 13:54 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\03232594.sys
2018-01-09 13:54 - 2018-01-09 13:54 - 000076316 _____ C:\TDSSKiller.2.8.16.0_09.01.2018_13.54.18_log.txt
2018-01-09 13:52 - 2018-01-09 13:52 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-09 13:47 - 2018-01-09 13:48 - 000550948 _____ C:\TDSSKiller.2.8.16.0_09.01.2018_13.47.22_log.txt
2018-01-09 13:47 - 2018-01-09 13:47 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\29263687.sys
2018-01-09 13:46 - 2018-01-09 13:46 - 000562274 _____ C:\TDSSKiller.2.8.16.0_09.01.2018_13.46.06_log.txt
2018-01-09 13:46 - 2018-01-09 13:46 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\90979644.sys
2018-01-09 13:44 - 2018-01-09 13:45 - 000008128 _____ C:\TDSSKiller.2.8.16.0_09.01.2018_13.44.47_log.txt
2018-01-09 13:44 - 2018-01-09 13:44 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\30548232.sys
2018-01-09 12:42 - 2018-01-11 06:09 - 000000252 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-01-09 12:26 - 2018-01-09 12:26 - 000000000 ____D C:\ProgramData\RegRun
2018-01-09 12:25 - 2018-01-11 06:22 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-01-09 12:25 - 2018-01-09 12:39 - 000000000 ____D C:\Users\Omar\Documents\RegRun2
2018-01-09 12:25 - 2018-01-09 12:25 - 000000002 _____ C:\WINDOWS\winstart.bat
2018-01-09 12:25 - 2018-01-09 12:25 - 000000002 _____ C:\WINDOWS\SysWOW64\CONFIG.NT
2018-01-09 12:25 - 2018-01-09 12:25 - 000000002 _____ C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2018-01-09 12:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-01-07 18:50 - 2018-01-07 18:50 - 000000222 _____ C:\Users\Omar\Desktop\Crusader Kings II.url
2017-12-30 02:38 - 2017-12-31 05:48 - 000188756 _____ C:\TDSSKiller.3.1.0.15_30.12.2017_02.38.10_log.txt
2017-12-30 02:27 - 2017-12-30 02:27 - 000000000 ____D C:\Program Files (x86)\ESET
2017-12-30 02:19 - 2018-01-19 22:43 - 000000000 ____D C:\AdwCleaner
2017-12-30 02:18 - 2018-01-09 13:48 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-30 02:18 - 2017-12-30 02:23 - 000151516 _____ C:\TDSSKiller.2.8.16.0_30.12.2017_02.18.01_log.txt
2017-12-30 02:18 - 2017-12-30 02:18 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\34855905.sys
2017-12-29 06:41 - 2018-01-03 07:09 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-12-29 05:59 - 2018-01-18 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crusader Kings II Jade Dragon
2017-12-29 05:59 - 2017-12-29 05:59 - 000000804 _____ C:\Users\Omar\Desktop\Crusader Kings II Jade Dragon.lnk
2017-12-29 04:14 - 2018-01-09 16:13 - 000000774 _____ C:\WINDOWS\system32\.crusader
2017-12-29 03:59 - 2018-01-18 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-29 03:59 - 2017-12-29 03:59 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-29 03:59 - 2017-12-29 03:59 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-29 03:58 - 2017-12-29 04:04 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-29 03:55 - 2018-01-28 15:52 - 001007091 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-29 03:55 - 2018-01-28 15:52 - 001003400 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-29 03:55 - 2018-01-18 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-12-29 03:55 - 2017-12-29 03:55 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-29 03:55 - 2017-12-29 03:55 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-12-29 03:55 - 2017-12-29 03:55 - 000001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-12-29 03:55 - 2017-12-29 03:55 - 000000000 ____D C:\Users\Omar\AppData\Local\Zemana
2017-12-29 03:55 - 2017-12-29 03:55 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-29 03:27 - 2018-01-18 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-29 03:27 - 2018-01-18 10:18 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-29 03:27 - 2017-12-29 03:27 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-29 03:27 - 2017-12-29 03:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-29 03:27 - 2017-12-29 03:27 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-29 03:27 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-28 13:52 - 2017-02-17 00:31 - 000000056 _____ C:\Users\Omar\AppData\Roaming\sp_data.sys
2018-01-27 20:29 - 2016-01-17 18:44 - 000000000 ____D C:\Users\Omar\AppData\Local\CrashDumps
2018-01-27 19:36 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-27 14:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-27 14:26 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-27 14:26 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-26 02:50 - 2016-12-06 13:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-26 02:50 - 2015-03-13 05:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-26 01:52 - 2016-12-07 21:46 - 000000000 ____D C:\Users\Omar\AppData\LocalLow\Mozilla
2018-01-26 01:40 - 2015-03-12 15:30 - 000000000 ____D C:\Users\Omar\AppData\Roaming\DAEMON Tools Lite
2018-01-26 01:40 - 2014-12-03 10:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-25 23:35 - 2016-03-09 01:12 - 000000000 ____D C:\Users\Omar\Documents\Paradox Interactive
2018-01-25 20:18 - 2016-05-15 15:44 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-01-25 20:00 - 2015-03-12 23:51 - 000000000 ____D C:\Users\Omar\AppData\Roaming\qBittorrent
2018-01-24 20:06 - 2015-03-12 15:53 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Dropbox
2018-01-21 11:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-20 17:26 - 2015-04-27 22:29 - 000000000 ____D C:\Users\Omar\AppData\Roaming\vlc
2018-01-19 23:26 - 2017-05-31 13:58 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-19 23:25 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-19 23:25 - 2015-03-13 02:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-19 23:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-19 23:22 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
2018-01-19 23:22 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-19 23:21 - 2016-06-26 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Stanley Parable
2018-01-19 17:11 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-19 16:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-18 13:14 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-18 13:12 - 2017-12-28 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-01-18 13:12 - 2017-11-04 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-01-18 13:12 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Help
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-18 13:12 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-18 13:12 - 2017-08-31 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nehrim - At Fate's Edge
2018-01-18 13:12 - 2017-07-07 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\SupportAppXL
2018-01-18 13:12 - 2017-07-07 08:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobinil USB modem
2018-01-18 13:12 - 2017-06-05 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2018-01-18 13:12 - 2017-06-01 05:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wasteland 2 - Director's Cut [GOG.com]
2018-01-18 13:12 - 2017-05-28 09:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planescape Torment Enhanced Edition
2018-01-18 13:12 - 2017-05-22 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Nightmares
2018-01-18 13:12 - 2017-05-04 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2018-01-18 13:12 - 2017-04-13 00:53 - 000000000 ____D C:\Program Files\UNP
2018-01-18 13:12 - 2017-04-03 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2018-01-18 13:12 - 2017-04-02 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2018-01-18 13:12 - 2017-03-26 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-01-18 13:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-18 13:12 - 2017-03-15 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect Andromeda
2018-01-18 13:12 - 2017-03-01 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torment - Tides of Numenera [GOG.com]
2018-01-18 13:12 - 2017-02-16 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
2018-01-18 13:12 - 2016-11-29 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-18 13:12 - 2016-11-06 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-01-18 13:12 - 2016-10-29 14:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2018-01-18 13:12 - 2016-10-24 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-01-18 13:12 - 2016-10-24 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-01-18 13:12 - 2016-06-21 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments
2018-01-18 13:12 - 2016-02-13 01:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM 2
2018-01-18 13:12 - 2016-01-05 07:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange
2018-01-18 13:12 - 2015-12-29 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Age of Decadence
2018-01-18 13:12 - 2015-12-09 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-01-18 13:12 - 2015-11-24 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2018-01-18 13:12 - 2015-07-11 00:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-18 13:12 - 2015-07-10 08:14 - 000000000 ____D C:\WINDOWS\ShellNew
2018-01-18 13:12 - 2015-06-26 16:55 - 000000000 ____D C:\WINDOWS\en
2018-01-18 13:12 - 2015-04-21 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2018-01-18 13:12 - 2015-04-14 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-18 13:12 - 2015-04-14 20:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-01-18 13:12 - 2015-04-14 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-01-18 13:12 - 2015-04-14 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-18 13:12 - 2015-04-12 03:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2018-01-18 13:12 - 2015-03-23 03:42 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-18 13:12 - 2015-03-14 04:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-01-18 13:12 - 2015-03-14 04:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSave Manager v3
2018-01-18 13:12 - 2015-03-13 03:29 - 000000000 ____D C:\WINDOWS\system32\Plug-In Settings
2018-01-18 13:12 - 2015-03-12 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2018-01-18 13:12 - 2015-03-12 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-01-18 13:12 - 2015-03-12 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
2018-01-18 13:12 - 2015-03-12 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2018-01-18 13:12 - 2014-12-03 10:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaStory
2018-01-18 13:12 - 2014-12-03 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-01-18 13:12 - 2014-12-03 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2018-01-18 13:12 - 2014-12-03 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Gaming Mouse
2018-01-18 13:12 - 2014-12-03 10:34 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-01-18 13:12 - 2014-12-03 10:34 - 000000000 ____D C:\Program Files\Intel
2018-01-18 13:12 - 2014-09-24 07:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-01-18 13:12 - 2014-09-24 07:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-01-18 13:12 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-18 13:12 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-01-18 13:12 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-01-18 13:10 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-01-18 13:10 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-01-18 13:10 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-01-18 13:10 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-01-18 13:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-01-18 13:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-01-18 13:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-01-18 13:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-01-18 13:09 - 2017-05-31 13:58 - 000000000 ____D C:\Program Files\Realtek
2018-01-18 13:09 - 2016-11-09 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-01-18 13:09 - 2016-10-15 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2018-01-18 13:09 - 2016-01-31 00:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-01-18 13:09 - 2015-04-04 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2018-01-18 13:09 - 2015-03-12 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2018-01-18 10:31 - 2017-05-31 13:58 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-18 10:26 - 2017-05-31 13:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-18 10:26 - 2016-10-24 17:45 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-01-18 10:25 - 2017-05-31 13:57 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-18 10:23 - 2015-07-31 11:02 - 000000000 ____D C:\Users\Omar\AppData\Local\TileDataLayer
2018-01-18 10:22 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-18 10:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2018-01-18 10:21 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-18 10:20 - 2017-09-29 08:46 - 000000000 __RSD C:\WINDOWS\media
2018-01-18 10:20 - 2015-07-31 10:54 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-01-18 10:20 - 2015-03-15 21:09 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-18 10:20 - 2015-03-15 21:09 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-18 10:18 - 2017-12-12 23:36 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-01-18 10:18 - 2016-11-19 13:28 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE Launcher
2018-01-18 10:18 - 2016-08-10 11:50 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2018-01-18 10:18 - 2016-04-24 01:09 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2018-01-18 10:18 - 2016-01-31 00:36 - 000000000 ____D C:\ProgramData\Razer
2018-01-18 10:18 - 2015-07-11 00:13 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-18 10:17 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-18 10:16 - 2016-06-04 18:10 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-01-18 10:15 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-18 10:15 - 2017-05-31 13:58 - 000317076 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2018-01-18 10:15 - 2017-05-31 13:58 - 000006786 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2018-01-18 10:15 - 2017-05-31 13:58 - 000002626 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2018-01-18 10:15 - 2017-05-31 13:58 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-18 10:15 - 2017-05-31 13:58 - 000000000 ____D C:\Program Files\Elantech
2018-01-18 10:15 - 2014-12-03 10:35 - 000000000 ___HD C:\Intel
2018-01-18 09:23 - 2016-04-24 00:49 - 000000000 ____D C:\Users\Omar\AppData\Local\ElevatedDiagnostics
2018-01-18 09:15 - 2016-11-09 13:50 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2018-01-18 09:15 - 2016-10-24 12:46 - 000000035 _____ C:\WINDOWS\progress.ini
2018-01-18 09:15 - 2016-10-18 23:03 - 000000000 ____D C:\Windows10Upgrade
2018-01-18 09:15 - 2016-07-02 13:46 - 000000000 ___HD C:\$GetCurrent
2018-01-12 12:39 - 2015-03-12 16:01 - 000000000 ____D C:\Users\Omar\Documents\My Games
2018-01-11 10:38 - 2017-07-09 12:06 - 000000000 ____D C:\Users\Omar\Desktop\GwentUP
2018-01-10 15:19 - 2015-07-31 11:04 - 000002366 _____ C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-10 15:19 - 2015-07-31 11:04 - 000000000 ___RD C:\Users\Omar\OneDrive
2018-01-10 12:06 - 2015-03-12 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 12:02 - 2017-10-10 21:03 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 12:02 - 2015-03-12 18:07 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 11:59 - 2013-08-22 08:25 - 000000199 _____ C:\WINDOWS\win.ini
2018-01-10 09:33 - 2017-12-21 23:26 - 000058680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-01-10 09:33 - 2016-10-24 17:45 - 002425656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-01-10 09:33 - 2016-10-24 17:45 - 002090800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-01-10 09:33 - 2016-10-24 17:45 - 001310008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-01-10 08:36 - 2014-09-24 07:20 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-10 04:41 - 2017-04-08 01:06 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-01-09 16:38 - 2016-07-16 13:17 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-06 06:05 - 2015-03-12 22:10 - 000000000 ____D C:\Users\Omar\AppData\Roaming\Skype
2018-01-03 18:50 - 2017-05-31 13:58 - 005951336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-01-03 18:50 - 2017-05-31 13:58 - 002588232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-01-03 18:50 - 2017-05-31 13:58 - 001768480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-01-03 18:50 - 2017-05-31 13:58 - 000631880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-01-03 18:50 - 2017-05-31 13:58 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-01-03 18:50 - 2017-05-31 13:58 - 000123704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-01-03 18:50 - 2017-05-31 13:58 - 000081992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-01-02 12:50 - 2017-03-26 21:32 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-01-02 12:50 - 2014-09-24 07:20 - 000000000 ____D C:\ProgramData\Skype
2018-01-01 03:41 - 2016-06-04 18:10 - 000000000 ____D C:\Users\Omar\AppData\Local\Ubisoft Game Launcher
 
==================== Files in the root of some directories =======
 
2017-03-18 15:59 - 2017-03-18 15:59 - 000001022 _____ () C:\Users\Omar\eYIEYNZop.bat
2017-12-28 03:30 - 2017-03-18 15:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Omar\TeYZo.exe
2017-12-28 03:30 - 2017-03-18 15:59 - 000000999 _____ () C:\Program Files (x86)\iovO
2017-03-18 15:59 - 2017-03-18 15:59 - 000000999 _____ () C:\Program Files (x86)\iovO.bat
2017-12-28 03:30 - 2017-03-18 15:58 - 000174592 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\aOAHxyo.exe
2017-12-28 03:30 - 2017-03-18 15:59 - 000000053 _____ () C:\Program Files (x86)\Common Files\iACIjAel
2017-03-18 15:59 - 2017-03-18 15:59 - 000000053 _____ () C:\Program Files (x86)\Common Files\iACIjAel.bat
2017-02-17 00:31 - 2018-01-28 13:52 - 000000056 _____ () C:\Users\Omar\AppData\Roaming\sp_data.sys
2016-10-29 15:41 - 2016-10-29 15:41 - 000007605 _____ () C:\Users\Omar\AppData\Local\Resmon.ResmonCfg
2017-12-28 03:30 - 2017-12-28 03:30 - 000000001 _____ () C:\Users\Omar\AppData\Local\WMI.ini
2016-06-06 06:30 - 2016-06-06 06:31 - 000000028 _____ () C:\Users\Omar\AppData\Local\X-Plane Installer.prf
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-28 15:29
 
==================== End of FRST.txt ============================

Thank you very much for the help,

Koussy


#2 Koussy

Koussy
  • Topic Starter

  • Members
  • 4 posts

Posted 28 January 2018 - 04:13 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Omar (28-01-2018 15:52:35)
Running from C:\Users\Omar\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-18 15:22:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2183308590-3637135890-3914418578-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2183308590-3637135890-3914418578-503 - Limited - Disabled)
Guest (S-1-5-21-2183308590-3637135890-3914418578-501 - Limited - Disabled)
Omar (S-1-5-21-2183308590-3637135890-3914418578-1001 - Administrator - Enabled) => C:\Users\Omar
WDAGUtilityAccount (S-1-5-21-2183308590-3637135890-3914418578-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.2 - ASUS)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Ayat (HKLM-x32\...\{41E2E6F7-F831-A443-D7D8-3B164D6B936F}) (Version: 1.4 - UNKNOWN) Hidden
Ayat (HKLM-x32\...\sa.edu.ksa.ayat) (Version: 1.4 - UNKNOWN)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.472.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
Crusader Kings II Jade Dragon (HKLM-x32\...\Crusader Kings II Jade Dragon_is1) (Version:  - )
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Dropbox (HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Dropbox) (Version: 42.4.114 - Dropbox, Inc.)
ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.12 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVE Online (HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\{64ab0f46-7dcb-43c2-acb2-8b526c00dd7a}) (Version: 1.0.0 - CCP)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.19.3 public beta - GOG.com)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Life is Strange: Complete Season 1 (HKLM-x32\...\Life is Strange: Complete Season 1_is1) (Version:  - )
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.10 - Electronic Arts)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.8 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mobinil USB modem (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.6 - Mobinil USB modem)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
NehrimUninstaller (HKLM-x32\...\Nehrim - At Fate's Edge_is1) (Version: 1.0.0 - SureAI)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Mehrunes Razor (HKLM-x32\...\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Orrery (HKLM-x32\...\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Spell Tomes (HKLM-x32\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.3.6-I602  (HKLM\...\OpenVPN) (Version: 2.3.6-I602 - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.17910 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Planescape Torment Enhanced Edition (HKLM-x32\...\Planescape Torment Enhanced Edition_is1) (Version:  - )
PlanetSide 2 (HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 4.0.3 (HKLM-x32\...\qBittorrent) (Version: 4.0.3 - The qBittorrent project)
R for Windows 3.4.3 (HKLM\...\R for Windows 3.4.3_is1) (Version: 3.4.3 - R Core Team)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.16 - ASUSTeK Computer Inc.)
RogueKiller version 12.12.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.0.0 - Adlice Software)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SecureW2 Enterprise Client 3.5.17 MSI Installer (HKLM-x32\...\{D89906F5-2C0F-4389-B122-7CFD7E9004E0}) (Version: 3.5.17 - SecureW2)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
The Talos Principle (HKLM-x32\...\The Talos Principle_is1) (Version:  - )
The Witcher 3 - Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.30.0.0 - GOG.com)
Thunderbolt™ Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel® Corporation)
Torment: Tides of Numenera (1.0.1) (HKLM-x32\...\1958306970_is1) (Version: 0.1.1.294 - GOG.com)
Unity Web Player (HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8B0F5A1C-5EFC-423D-91C5-EAB7F8CEC9E7}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Wasteland 2 - Director's Cut (HKLM-x32\...\1444386007_is1) (Version: 2.0.0.1 - GOG.com)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Watch_Dogs 2 (HKLM-x32\...\Watch_Dogs 2_is1) (Version:  - )
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\WinDirStat) (Version:  - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Omar\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Omar\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Omar\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-29] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-03] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-29] ()
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2183308590-3637135890-3914418578-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2183308590-3637135890-3914418578-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2183308590-3637135890-3914418578-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Omar\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {034C676A-6B46-4C49-8D3D-04AC43C6BE75} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {04F8D3E6-3470-4E6F-AF13-FDE699102394} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0F75D283-B3DE-4290-98F2-290DAB8D4E54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {182F9FBF-0090-4C67-998D-A32D33E36B47} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {1A67A624-5BB9-4D38-96EC-D33DA0AD4C8A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1C9363C4-F95B-4229-A4A4-767420A06843} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1D0FF451-104C-43B3-9C1E-848A6060B604} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {1DE8A249-3F18-42E1-8BC7-9A4F72EE4778} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2014-04-30] (ASUSTek Computer Inc.)
Task: {1E7319AE-C7BC-4C08-ACB8-C3A692191461} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {237CA970-C5A2-4CAE-9285-6829894AA9D6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {24C28AE2-F4FE-4D74-AEF8-D37CA486F0F2} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {291E6B0A-0827-4A12-8839-7523409D3D8B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {2AAC79E4-A898-4AB9-A81A-E20C8C4F07B9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {32FA7ABB-B036-42EE-A790-92EA0A5F6955} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {330AD346-BCD6-49EA-A579-FD544EFB0F36} - System32\Tasks\EicacicmPaYO => C:\Program Files (x86)\Common Files\iACIjAel.bat [2017-03-18] () <==== ATTENTION
Task: {34ABDD7D-5EC9-4285-A962-66E3671FBF55} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {39E16F4B-6022-43B7-A4EF-76146EDCB228} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2183308590-3637135890-3914418578-1001UA1d236d1a63d66c7 => C:\Users\Omar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {3B6AE65D-01E5-4016-BDB5-4756B95156C9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {3D1CB1D3-8DED-4EC3-851E-670BEEBDCCD2} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-25] ()
Task: {40460316-0687-4EDB-B8C3-460C989359C5} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-11-11] ()
Task: {462F2FD4-DEA3-4240-8F27-C215694C6907} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {4C06E3A0-89CA-46B2-9735-DB94CEB9279D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {4C74C149-518C-4CDA-A2E1-9104125A4886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5165B399-471F-464C-9BCA-8BF3615E8708} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {58B9BE9F-AC18-4C9C-8243-59C13AAC5322} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {648006E8-D1D7-416E-B1DD-4FDB120EFC67} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {659490E2-B9A7-40B2-9781-00F82B61D6A8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {67F2F4A4-FE08-4DD1-B1A4-03B7580B67FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {70E678BB-013C-4333-9AB9-EC9BBD91AA7E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Task: {7710C564-F1E4-4F04-8AAE-C826C5053286} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Start Workspace Runtime at logon -> No File <==== ATTENTION
Task: {7A8FE613-1D21-4AEC-A48D-C272C0E64B8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BDFD0CF-777F-43C3-BF85-34D20ED5786C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {7DC6D19B-8DBC-41F3-A44A-ECC4C4B01BEA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc start ThunderboltService
Task: {7DFF6EFB-2E89-4B8A-846F-F87E781304B5} - System32\Tasks\dUNOaJnOOY => C:\WINDOWS\JMyYAr.bat [2017-03-18] () <==== ATTENTION
Task: {803DEC6B-A49C-4219-98B0-1EC0AC14DBAF} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2016-11-29] (SecureW2 B.V.)
Task: {84EAAC76-ACDA-439D-B4D3-94A4197B4518} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {89E3A1AD-9CC1-478C-BB5C-E7219883EE5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {98E2A0A4-05E8-49EF-A8EA-555A6673161A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Report update status -> No File <==== ATTENTION
Task: {A13232E3-05D8-4B4F-89D0-FD7BC27E6054} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {A3179637-B3FD-46F0-BBE9-2DAF98F26D35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A4A92756-2726-400B-97CC-D069762BA5B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {A55A137F-9BE2-475C-AA37-E27DF1DE48CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A5A3F17F-A5BD-4C07-BE30-895AAA33F4AA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2183308590-3637135890-3914418578-1001Core1d236d1a6383489 => C:\Users\Omar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {AB5BBE6F-9B2C-432D-BD68-A04C3311D7B1} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {B018CDDA-4D18-4E5A-B8DD-07214E1063CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B} - \WPD\SqmUpload_S-1-5-21-2183308590-3637135890-3914418578-1001 -> No File <==== ATTENTION
Task: {BE578B62-2E42-4B08-80E9-0CEE51CE9BA7} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {C94AB8DB-075A-445C-ADCE-B72901A2130B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CC439196-6379-4854-8FAF-94B6588829C1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {CED96A68-011E-4E48-9B5C-E7A38C1C0B98} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Update connections -> No File <==== ATTENTION
Task: {D068C708-5348-42C9-B53E-40F004C78867} - System32\Tasks\IOvpA => C:\Users\Omar\TeYZo.exe [2017-03-18] (Microsoft Corporation)
Task: {E0C17BD2-F333-4301-89F5-2BDD813C59EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E414A50E-6262-4483-8E49-B82CBA449259} - System32\Tasks\S-1-5-21-2183308590-3637135890-3914418578-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {EB8EA182-D9E1-4F56-9AE8-733D683FBD5E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)
Task: {EBDAB7A6-372B-4BFF-BA21-369616DFD178} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F590D050-52DC-45DF-912D-A7C00C1087D9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {F5B61F02-5040-469A-BFA1-C64668B07218} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F703E3AE-35C6-4E07-9709-8AAA89DDC0C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FAFFECBC-4AC8-4E32-8CEE-3512A9913CB9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2183308590-3637135890-3914418578-1001Core1d236d1a6383489.job => C:\Users\Omar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2183308590-3637135890-3914418578-1001UA1d236d1a63d66c7.job => C:\Users\Omar\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Omar\Desktop\Omar - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Omar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\M - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-29 03:55 - 2017-12-29 03:55 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-01 11:12 - 2016-09-01 11:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-24 17:45 - 2018-01-10 09:33 - 001268024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-03-15 22:52 - 2016-11-04 16:38 - 000076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-11-04 19:11 - 2015-11-04 19:12 - 000188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-12-29 03:27 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-19 17:06 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-19 17:06 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-18 08:44 - 2018-01-18 08:44 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 08:44 - 2018-01-18 08:44 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 08:44 - 2018-01-18 08:44 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 04:53 - 2018-01-03 04:54 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-18 08:44 - 2018-01-18 08:44 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2014-12-03 10:44 - 2014-02-25 22:13 - 000053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-24 17:17 - 2017-06-09 00:48 - 000139776 _____ () C:\Users\Omar\Desktop\GwentUP\GwentUp.exe
2017-12-24 17:17 - 2018-01-11 10:38 - 001783808 _____ () C:\Users\Omar\Desktop\GwentUP\infuser.dll
2017-12-13 23:19 - 2017-12-13 23:19 - 035244544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-12-13 23:19 - 2017-12-13 23:19 - 009220608 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-23 13:33 - 2017-08-23 13:33 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-26 10:47 - 2017-09-26 10:47 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-13 23:19 - 2017-12-13 23:19 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2018-01-19 17:06 - 2017-10-24 22:18 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2018-01-19 17:06 - 2017-10-24 23:40 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2016-08-10 11:50 - 2016-11-11 19:08 - 007711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-07-21 08:27 - 2015-07-21 08:27 - 000238248 _____ () C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL
2018-01-08 21:08 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 21:08 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-12-13 23:18 - 2017-12-13 23:19 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 19:31 - 2017-10-04 19:31 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-10 22:02 - 2017-11-10 22:02 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-04 19:31 - 2017-10-04 19:31 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-12-13 23:18 - 2017-12-13 23:18 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-28 19:32 - 2017-08-28 19:32 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-12-13 23:18 - 2017-12-13 23:19 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\SKU.dll
2018-01-09 06:29 - 2018-01-09 06:29 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-19 17:27 - 2018-01-19 17:27 - 007921664 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2014-06-03 23:01 - 2014-06-03 23:01 - 000018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 23:01 - 2014-06-03 23:01 - 000020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-06-03 23:01 - 2014-06-03 23:01 - 000117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 23:01 - 2014-06-03 23:01 - 000037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-10-24 17:45 - 2018-01-10 09:33 - 001041208 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-24 17:45 - 2018-01-10 09:33 - 066907448 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-03-12 15:32 - 2014-09-05 10:55 - 000132808 _____ () C:\Users\Omar\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2014-12-03 10:41 - 2013-10-23 16:44 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-04-27 03:24 - 2013-04-27 03:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2015-03-12 15:35 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-12 15:35 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-12 15:35 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-12 15:35 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-12 15:35 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-14 01:30 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 01:30 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 01:30 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 01:30 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 01:30 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2015-03-12 15:35 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-13 10:51 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-15 17:35 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-12 14:10 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2015-03-12 15:35 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-01-24 20:06 - 2018-01-22 06:19 - 000733000 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-01-24 20:06 - 2018-01-22 06:19 - 002079048 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-09-22 15:41 - 2018-01-22 06:19 - 000100296 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000018888 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\select.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000020808 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000035792 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000694224 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000021856 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000130512 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 001856864 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000022880 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-01-24 20:06 - 2018-01-22 06:19 - 000145864 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-01-24 20:06 - 2018-01-22 06:19 - 000116688 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-09-22 15:41 - 2018-01-22 06:19 - 000105928 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000022872 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000063312 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000024528 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000077120 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-01-24 20:06 - 2018-01-22 06:19 - 000020936 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000124880 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000116176 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-01-24 20:06 - 2018-01-22 06:19 - 000392656 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-09-22 15:41 - 2018-01-22 06:22 - 000392520 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000026464 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000024016 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000175560 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000030160 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000043472 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000026056 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000048592 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000057808 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000021840 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000023376 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000022864 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000066400 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 001796928 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000084424 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\sip.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 001956160 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-01-24 20:06 - 2018-01-22 06:22 - 003859272 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000155472 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000521032 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000050512 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000042312 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000131400 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-01-24 20:06 - 2018-01-22 06:22 - 000218960 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000204104 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000025440 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000060880 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000054616 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000024016 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000022880 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000100704 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000028616 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-01-24 20:05 - 2018-01-22 06:22 - 000024416 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.shell32.compiled._winffi_shell32.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000022368 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000021856 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000022368 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000027496 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-22 15:41 - 2018-01-22 06:19 - 000349128 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-01-24 20:06 - 2018-01-22 06:22 - 000101192 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-09-22 15:41 - 2018-01-22 06:22 - 000023904 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000025432 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-01-24 20:06 - 2018-01-22 06:19 - 000036296 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-24 20:06 - 2018-01-22 06:21 - 000032608 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2018-01-24 20:06 - 2018-01-22 06:19 - 000293392 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2018-01-11 15:42 - 2018-01-22 06:22 - 000021856 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000181064 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-09-22 15:41 - 2018-01-22 06:22 - 000030544 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000024384 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-01-24 20:06 - 2018-01-22 06:21 - 001638208 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-09-22 15:41 - 2018-01-22 06:22 - 000026464 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000545096 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000359232 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-01-24 20:06 - 2018-01-22 06:21 - 000038216 _____ () C:\Users\Omar\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2018-01-25 19:42 - 2018-01-25 19:42 - 000012800 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000009728 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000014848 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000094208 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\src\rgloader\rgloader193.mswin.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000009216 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000094208 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000126976 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000087552 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000016384 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000127316 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\bin\libffi-6.dll
2018-01-25 19:42 - 2018-01-25 19:42 - 000008704 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000013312 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000095744 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000026624 _____ () C:\Users\Omar\AppData\Local\Temp\ocr54D1.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000012800 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000009728 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000014848 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000094208 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\src\rgloader\rgloader193.mswin.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000094208 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000118784 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000069120 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000083968 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\bin\zlib1.dll
2018-01-25 19:42 - 2018-01-25 19:42 - 000026624 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000275968 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000015360 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000008192 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000009216 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000023552 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000008704 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000008704 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000008704 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000008704 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000036352 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000126976 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000087552 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000016384 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000127316 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\bin\libffi-6.dll
2018-01-25 19:42 - 2018-01-25 19:42 - 000013312 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000095744 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-01-25 19:42 - 2018-01-25 19:42 - 000026624 _____ () C:\Users\Omar\AppData\Local\Temp\ocr5713.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-08-10 11:50 - 2016-11-11 19:08 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-08-10 11:50 - 2016-11-11 19:08 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2017-11-27 16:03 - 2017-11-27 16:03 - 023970800 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-12-23 13:10 - 2016-12-23 13:10 - 000323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2017-08-10 10:24 - 2017-08-10 10:24 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total War: Rome II - Imperium Aeternum Uninstaller.lnk [502]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-01-11 06:22 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Omar\Desktop\Ayat-al-Kursi-HD-Wallpaper.jpg
DNS Servers: 128.118.25.3 - 130.203.1.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "ASUS ROG MacroKey"
HKLM\...\StartupApproved\Run32: => "UIExec"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "autodetect"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2183308590-3637135890-3914418578-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2908418E-BDA2-4293-A047-C51D8C044440}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{38FBCF56-8437-4DE5-8CBF-A0E9DD9354C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (01/28/2018 03:52:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (01/28/2018 03:29:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/28/2018 01:54:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/27/2018 03:00:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/27/2018 02:26:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/27/2018 02:24:57 PM) (Source: DCOM) (EventID: 10010) (User: KOUSSY-ASUS)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (01/27/2018 02:23:41 PM) (Source: DCOM) (EventID: 10016) (User: KOUSSY-ASUS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Koussy-Asus\Omar SID (S-1-5-21-2183308590-3637135890-3914418578-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/26/2018 12:06:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/25/2018 08:29:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/25/2018 07:53:52 PM) (Source: DCOM) (EventID: 10010) (User: KOUSSY-ASUS)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (01/25/2018 07:41:04 PM) (Source: DCOM) (EventID: 10010) (User: KOUSSY-ASUS)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-28 15:51:21.576
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2018-01-28 15:36:38.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:36:38.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:33:20.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:33:20.102
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:21:38.410
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:21:38.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:12:04.538
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:12:04.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 15:06:37.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 16333.19 MB
Available physical RAM: 9108.03 MB
Total Virtual: 17549.19 MB
Available Virtual: 6219.09 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:94.11 GB) (Free:10.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:130.86 GB) (Free:18.54 GB) NTFS
Drive e: (Data1) (Fixed) (Total:465.75 GB) (Free:21.61 GB) NTFS
Drive f: (Data2) (Fixed) (Total:465.76 GB) (Free:38.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: DE4BE0D3)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A1F6CB26)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 JSntgRvr

Posted 28 January 2018 - 07:00 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
Task: {0F75D283-B3DE-4290-98F2-290DAB8D4E54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {330AD346-BCD6-49EA-A579-FD544EFB0F36} - System32\Tasks\EicacicmPaYO => C:\Program Files (x86)\Common Files\iACIjAel.bat [2017-03-18] () <==== ATTENTION
Task: {4C74C149-518C-4CDA-A2E1-9104125A4886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58B9BE9F-AC18-4C9C-8243-59C13AAC5322} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7710C564-F1E4-4F04-8AAE-C826C5053286} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Start Workspace Runtime at logon -> No File <==== ATTENTION
Task: {7A8FE613-1D21-4AEC-A48D-C272C0E64B8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7DFF6EFB-2E89-4B8A-846F-F87E781304B5} - System32\Tasks\dUNOaJnOOY => C:\WINDOWS\JMyYAr.bat [2017-03-18] () <==== ATTENTION
Task: {84EAAC76-ACDA-439D-B4D3-94A4197B4518} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {89E3A1AD-9CC1-478C-BB5C-E7219883EE5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {98E2A0A4-05E8-49EF-A8EA-555A6673161A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Report update status -> No File <==== ATTENTION
Task: {A3179637-B3FD-46F0-BBE9-2DAF98F26D35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B018CDDA-4D18-4E5A-B8DD-07214E1063CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B} - \WPD\SqmUpload_S-1-5-21-2183308590-3637135890-3914418578-1001 -> No File <==== ATTENTION
Task: {CED96A68-011E-4E48-9B5C-E7A38C1C0B98} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Update connections -> No File <==== ATTENTION
Task: {E0C17BD2-F333-4301-89F5-2BDD813C59EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F5B61F02-5040-469A-BFA1-C64668B07218} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
2017-03-18 15:59 - 2017-03-18 15:59 - 000001022 _____ () C:\Users\Omar\eYIEYNZop.bat
2017-12-28 03:30 - 2017-03-18 15:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Omar\TeYZo.exe
2017-12-28 03:30 - 2017-03-18 15:59 - 000000999 _____ () C:\Program Files (x86)\iovO
2017-03-18 15:59 - 2017-03-18 15:59 - 000000999 _____ () C:\Program Files (x86)\iovO.bat
2017-12-28 03:30 - 2017-03-18 15:58 - 000174592 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\aOAHxyo.exe
2017-12-28 03:30 - 2017-03-18 15:59 - 000000053 _____ () C:\Program Files (x86)\Common Files\iACIjAel
2017-03-18 15:59 - 2017-03-18 15:59 - 000000053 _____ () C:\Program Files (x86)\Common Files\iACIjAel.bat
2017-02-17 00:31 - 2018-01-28 13:52 - 000000056 _____ () C:\Users\Omar\AppData\Roaming\sp_data.sys
2016-10-29 15:41 - 2016-10-29 15:41 - 000007605 _____ () C:\Users\Omar\AppData\Local\Resmon.ResmonCfg
2017-12-28 03:30 - 2017-12-28 03:30 - 000000001 _____ () C:\Users\Omar\AppData\Local\WMI.ini
2016-06-06 06:30 - 2016-06-06 06:31 - 000000028 _____ () C:\Users\Omar\AppData\Local\X-Plane Installer.prf
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {0F75D283-B3DE-4290-98F2-290DAB8D4E54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C74C149-518C-4CDA-A2E1-9104125A4886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58B9BE9F-AC18-4C9C-8243-59C13AAC5322} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7710C564-F1E4-4F04-8AAE-C826C5053286} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Start Workspace Runtime at logon -> No File <==== ATTENTION
Task: {7A8FE613-1D21-4AEC-A48D-C272C0E64B8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {84EAAC76-ACDA-439D-B4D3-94A4197B4518} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {89E3A1AD-9CC1-478C-BB5C-E7219883EE5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {98E2A0A4-05E8-49EF-A8EA-555A6673161A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Report update status -> No File <==== ATTENTION
Task: {A3179637-B3FD-46F0-BBE9-2DAF98F26D35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B018CDDA-4D18-4E5A-B8DD-07214E1063CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B} - \WPD\SqmUpload_S-1-5-21-2183308590-3637135890-3914418578-1001 -> No File <==== ATTENTION
Task: {CED96A68-011E-4E48-9B5C-E7A38C1C0B98} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Update connections -> No File <==== ATTENTION
Task: {E0C17BD2-F333-4301-89F5-2BDD813C59EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F5B61F02-5040-469A-BFA1-C64668B07218} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HOSTS:
CMD: Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 Koussy

Posted 28 January 2018 - 11:08 PM

Hi JSntgRvr,

Thank you very much for your help and quick response.

This is the fix:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018

Ran by Omar (28-01-2018 22:52:45) Run:1
Running from C:\Users\Omar\Downloads
Loaded Profiles: Omar (Available Profiles: Omar)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {0F75D283-B3DE-4290-98F2-290DAB8D4E54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {330AD346-BCD6-49EA-A579-FD544EFB0F36} - System32\Tasks\EicacicmPaYO => C:\Program Files (x86)\Common Files\iACIjAel.bat [2017-03-18] () <==== ATTENTION
Task: {4C74C149-518C-4CDA-A2E1-9104125A4886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58B9BE9F-AC18-4C9C-8243-59C13AAC5322} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7710C564-F1E4-4F04-8AAE-C826C5053286} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Start Workspace Runtime at logon -> No File <==== ATTENTION
Task: {7A8FE613-1D21-4AEC-A48D-C272C0E64B8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7DFF6EFB-2E89-4B8A-846F-F87E781304B5} - System32\Tasks\dUNOaJnOOY => C:\WINDOWS\JMyYAr.bat [2017-03-18] () <==== ATTENTION
Task: {84EAAC76-ACDA-439D-B4D3-94A4197B4518} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {89E3A1AD-9CC1-478C-BB5C-E7219883EE5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {98E2A0A4-05E8-49EF-A8EA-555A6673161A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Report update status -> No File <==== ATTENTION
Task: {A3179637-B3FD-46F0-BBE9-2DAF98F26D35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B018CDDA-4D18-4E5A-B8DD-07214E1063CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B} - \WPD\SqmUpload_S-1-5-21-2183308590-3637135890-3914418578-1001 -> No File <==== ATTENTION
Task: {CED96A68-011E-4E48-9B5C-E7A38C1C0B98} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Update connections -> No File <==== ATTENTION
Task: {E0C17BD2-F333-4301-89F5-2BDD813C59EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F5B61F02-5040-469A-BFA1-C64668B07218} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
2017-03-18 15:59 - 2017-03-18 15:59 - 000001022 _____ () C:\Users\Omar\eYIEYNZop.bat
2017-12-28 03:30 - 2017-03-18 15:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Omar\TeYZo.exe
2017-12-28 03:30 - 2017-03-18 15:59 - 000000999 _____ () C:\Program Files (x86)\iovO
2017-03-18 15:59 - 2017-03-18 15:59 - 000000999 _____ () C:\Program Files (x86)\iovO.bat
2017-12-28 03:30 - 2017-03-18 15:58 - 000174592 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\aOAHxyo.exe
2017-12-28 03:30 - 2017-03-18 15:59 - 000000053 _____ () C:\Program Files (x86)\Common Files\iACIjAel
2017-03-18 15:59 - 2017-03-18 15:59 - 000000053 _____ () C:\Program Files (x86)\Common Files\iACIjAel.bat
2017-02-17 00:31 - 2018-01-28 13:52 - 000000056 _____ () C:\Users\Omar\AppData\Roaming\sp_data.sys
2016-10-29 15:41 - 2016-10-29 15:41 - 000007605 _____ () C:\Users\Omar\AppData\Local\Resmon.ResmonCfg
2017-12-28 03:30 - 2017-12-28 03:30 - 000000001 _____ () C:\Users\Omar\AppData\Local\WMI.ini
2016-06-06 06:30 - 2016-06-06 06:31 - 000000028 _____ () C:\Users\Omar\AppData\Local\X-Plane Installer.prf
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {0F75D283-B3DE-4290-98F2-290DAB8D4E54} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C74C149-518C-4CDA-A2E1-9104125A4886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58B9BE9F-AC18-4C9C-8243-59C13AAC5322} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7710C564-F1E4-4F04-8AAE-C826C5053286} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Start Workspace Runtime at logon -> No File <==== ATTENTION
Task: {7A8FE613-1D21-4AEC-A48D-C272C0E64B8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {84EAAC76-ACDA-439D-B4D3-94A4197B4518} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {89E3A1AD-9CC1-478C-BB5C-E7219883EE5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {98E2A0A4-05E8-49EF-A8EA-555A6673161A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Report update status -> No File <==== ATTENTION
Task: {A3179637-B3FD-46F0-BBE9-2DAF98F26D35} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B018CDDA-4D18-4E5A-B8DD-07214E1063CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B} - \WPD\SqmUpload_S-1-5-21-2183308590-3637135890-3914418578-1001 -> No File <==== ATTENTION
Task: {CED96A68-011E-4E48-9B5C-E7A38C1C0B98} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Update connections -> No File <==== ATTENTION
Task: {E0C17BD2-F333-4301-89F5-2BDD813C59EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F5B61F02-5040-469A-BFA1-C64668B07218} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HOSTS:
CMD: Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F75D283-B3DE-4290-98F2-290DAB8D4E54} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F75D283-B3DE-4290-98F2-290DAB8D4E54}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330AD346-BCD6-49EA-A579-FD544EFB0F36}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330AD346-BCD6-49EA-A579-FD544EFB0F36}" => removed successfully
C:\WINDOWS\System32\Tasks\EicacicmPaYO => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EicacicmPaYO" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C74C149-518C-4CDA-A2E1-9104125A4886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C74C149-518C-4CDA-A2E1-9104125A4886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58B9BE9F-AC18-4C9C-8243-59C13AAC5322}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58B9BE9F-AC18-4C9C-8243-59C13AAC5322}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7710C564-F1E4-4F04-8AAE-C826C5053286}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7710C564-F1E4-4F04-8AAE-C826C5053286}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Start Workspace Runtime at logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A8FE613-1D21-4AEC-A48D-C272C0E64B8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A8FE613-1D21-4AEC-A48D-C272C0E64B8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DFF6EFB-2E89-4B8A-846F-F87E781304B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DFF6EFB-2E89-4B8A-846F-F87E781304B5}" => removed successfully
C:\WINDOWS\System32\Tasks\dUNOaJnOOY => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dUNOaJnOOY" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84EAAC76-ACDA-439D-B4D3-94A4197B4518}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84EAAC76-ACDA-439D-B4D3-94A4197B4518}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89E3A1AD-9CC1-478C-BB5C-E7219883EE5E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89E3A1AD-9CC1-478C-BB5C-E7219883EE5E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98E2A0A4-05E8-49EF-A8EA-555A6673161A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98E2A0A4-05E8-49EF-A8EA-555A6673161A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Report update status" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3179637-B3FD-46F0-BBE9-2DAF98F26D35}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3179637-B3FD-46F0-BBE9-2DAF98F26D35}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B018CDDA-4D18-4E5A-B8DD-07214E1063CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B018CDDA-4D18-4E5A-B8DD-07214E1063CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2183308590-3637135890-3914418578-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CED96A68-011E-4E48-9B5C-E7A38C1C0B98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CED96A68-011E-4E48-9B5C-E7A38C1C0B98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Update connections" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0C17BD2-F333-4301-89F5-2BDD813C59EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C17BD2-F333-4301-89F5-2BDD813C59EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5B61F02-5040-469A-BFA1-C64668B07218}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5B61F02-5040-469A-BFA1-C64668B07218}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
C:\Users\Omar\eYIEYNZop.bat => moved successfully
C:\Users\Omar\TeYZo.exe => moved successfully
C:\Program Files (x86)\iovO => moved successfully
C:\Program Files (x86)\iovO.bat => moved successfully
C:\Program Files (x86)\Common Files\aOAHxyo.exe => moved successfully
C:\Program Files (x86)\Common Files\iACIjAel => moved successfully
C:\Program Files (x86)\Common Files\iACIjAel.bat => moved successfully
C:\Users\Omar\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\Omar\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Omar\AppData\Local\WMI.ini => moved successfully
C:\Users\Omar\AppData\Local\X-Plane Installer.prf => moved successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F75D283-B3DE-4290-98F2-290DAB8D4E54}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F75D283-B3DE-4290-98F2-290DAB8D4E54} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ED6EEFC-5ECA-458A-BC0E-A7F23D2E8C90} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C74C149-518C-4CDA-A2E1-9104125A4886} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58B9BE9F-AC18-4C9C-8243-59C13AAC5322} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7710C564-F1E4-4F04-8AAE-C826C5053286} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Start Workspace Runtime at logon => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A8FE613-1D21-4AEC-A48D-C272C0E64B8F} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84EAAC76-ACDA-439D-B4D3-94A4197B4518} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89E3A1AD-9CC1-478C-BB5C-E7219883EE5E} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98E2A0A4-05E8-49EF-A8EA-555A6673161A} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Report update status => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3179637-B3FD-46F0-BBE9-2DAF98F26D35} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B018CDDA-4D18-4E5A-B8DD-07214E1063CF} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCF44457-E9DF-4323-8FCF-D66FB6B7BC2B} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2183308590-3637135890-3914418578-1001 => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CED96A68-011E-4E48-9B5C-E7A38C1C0B98} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteApp and Desktop Connections Update\Omar\Update connections => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C17BD2-F333-4301-89F5-2BDD813C59EC} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F276E2E3-0A40-4192-AE2F-9FCD4F4F4DA9} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5B61F02-5040-469A-BFA1-C64668B07218} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= Removeproxy: =========
 
'Removeproxy:' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19602276 B
Java, Flash, Steam htmlcache => 426905968 B
Windows/system/drivers => 22358 B
Edge => 15400 B
Chrome => 793819764 B
Firefox => 178676802 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Omar => 101197859 B
 
RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:58:40 ====
 
This is the adware cleaner file:
 
# AdwCleaner 7.0.7.0 - Logfile created on Mon Jan 29 04:03:46 2018
# Updated on 2018/18/01 by Malwarebytes 
# Database: 01-26-2018.4
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2203 B] - [2017/12/30 7:23:3]
C:/AdwCleaner/AdwCleaner[C1].txt - [1260 B] - [2017/12/30 7:32:9]
C:/AdwCleaner/AdwCleaner[S0].txt - [2353 B] - [2017/12/30 7:21:47]
C:/AdwCleaner/AdwCleaner[S1].txt - [1237 B] - [2017/12/30 7:31:54]
C:/AdwCleaner/AdwCleaner[S2].txt - [1215 B] - [2018/1/2 8:0:33]
C:/AdwCleaner/AdwCleaner[S3].txt - [1280 B] - [2018/1/3 9:20:15]
C:/AdwCleaner/AdwCleaner[S4].txt - [1346 B] - [2018/1/9 20:57:5]
C:/AdwCleaner/AdwCleaner[S5].txt - [1412 B] - [2018/1/20 3:43:13]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt ##########


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,762 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:23 AM

Posted 29 January 2018 - 12:09 AM

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 Koussy

Koussy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 29 January 2018 - 01:55 PM

I haven't seen the command box open since I applied the fix, and EMSISoft has not detected anything. Does that mean the computer is clean?



#7 JSntgRvr


Posted 29 January 2018 - 03:04 PM

Yes it is, congratulations.

Use this application to remove quarantined items.

Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
Best regards. :)



#8 JSntgRvr


Posted 29 January 2018 - 03:05 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
