
Google Chrome slows down PC immensely, while gaming and designing


  • This topic is locked
3 replies to this topic

#1 Sackboy90210

  • Members
  • 174 posts

Posted 29 January 2018 - 09:22 AM

Hello, my PC has been getting extremely slow with the launch of Google Chrome while I'm playing games / designing on Photoshop or any other software for that matter. Ever since my brother has gotten on my PC to go to multiple malicious websites that give out "Fortnite Aimbot hacks" to help cheat in the game without my permission. All of these issues were never happening before this incident, which took place 1 day ago from the time I'm posting this thread. My PC has blacked out while I had Photoshop against with Google Chrome opened today, nothing was too intensive and I'm certain my PC can take more than that. Malwarebytes has found over 154 threats and my PC has gotten extremely sluggish ever since. I've been here before for help on my old computer, now I've gotten a new one and I can trust you with helping me out. Thank you so much.

 

Here are my FRST.txt logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Khayat (administrator) on LAPTOP-NL9QLONE (29-01-2018 15:08:12)
Running from C:\Users\Khayat\Desktop
Loaded Profiles: Khayat (Available Profiles: Khayat)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(SweetLabs, Inc) C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16695816 2016-08-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2017-08-30] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc.)
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Khayat\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Run: [Haste] => C:\Program Files\Haste\Haste Esports Accelerator\Haste.exe
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Run: [Spotify Web Helper] => C:\Users\Khayat\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-01-18] (Spotify Ltd)
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\Narrator.exe [360448 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\Khayat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-12-01]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6675cdcc-ef04-4673-9f1d-8dcb40070968}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{898acc7e-0c92-4f0a-8a3a-3f1d6299cc6b}: [DhcpNameServer] 40.30.1.55
 
Internet Explorer:
==================
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1484636953-257239511-1633259089-1001 -> DefaultScope {CF70A261-EDD8-404D-8D4F-66207D80916D} URL = 
SearchScopes: HKU\S-1-5-21-1484636953-257239511-1633259089-1001 -> {CF70A261-EDD8-404D-8D4F-66207D80916D} URL = 
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-01-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-26] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-20] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: p25iwhec.default
FF ProfilePath: C:\Users\Khayat\AppData\Roaming\Mozilla\Firefox\Profiles\p25iwhec.default [2017-08-25]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Khayat\AppData\Roaming\Mozilla\Firefox\Profiles\p25iwhec.default\Extensions\abb-acer@amazon.com [2017-06-24] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\Khayat\AppData\Roaming\Mozilla\Firefox\Profiles\p25iwhec.default\Extensions\langpack-en-US@firefox.mozilla.org [2017-06-24] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Khayat\AppData\Roaming\Mozilla\Firefox\Profiles\p25iwhec.default\Extensions\partnerdefaults@mozilla.com [2017-06-24] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-02-10] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-02-10] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-02-10] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-20] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-01-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default [2018-01-29]
CHR Extension: (Slides) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-24]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-12-31]
CHR Extension: (YouTube) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-24]
CHR Extension: (FileSafer Content Network) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eloaifmmfmaieffoehmmomhgpfahgbdj [2018-01-28]
CHR Extension: (Sheets) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-24]
CHR Extension: (AdBlock) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-24]
CHR Extension: (Chrome Media Router) - C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-25]
CHR Profile: C:\Users\Khayat\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-19]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows ® Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-09] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7780528 2018-01-15] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-07-21] (EasyAntiCheat Ltd)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-06-26] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S4 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [435328 2017-10-10] (Razer Inc.)
S4 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [916096 2017-10-17] (Razer Inc.)
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-12] (Razer Inc)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
S2 Remotr Service; C:\Program Files (x86)\Remotr\RemotrService.exe [207480 2017-02-27] (RemoteMyApp sp. z o.o.)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532352 2017-11-07] (Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [502144 2017-11-13] (Razer Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S4 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-28] (acer)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-20] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-20] (Microsoft Corporation)
S2 IntelSSTSvc; "C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2017-12-16] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-09-13] (Acer Incorporated)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-28] (Malwarebytes)
R1 MpKsl23eed461; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6EA1950-6DC6-4AE5-9A0B-8FBDE06070BA}\MpKsl23eed461.sys [58120 2018-01-28] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_630baae9fcc5f271\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-09-13] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-04] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-07-18] (Razer, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [57432 2016-09-05] (Synaptics Incorporated)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-20] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-20] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-29 15:08 - 2018-01-29 15:09 - 000022890 _____ C:\Users\Khayat\Desktop\FRST.txt
2018-01-29 15:06 - 2018-01-29 15:08 - 000000000 ____D C:\FRST
2018-01-29 15:06 - 2018-01-29 15:04 - 002393088 _____ (Farbar) C:\Users\Khayat\Desktop\FRST64.exe
2018-01-29 15:04 - 2018-01-29 15:04 - 002393088 _____ (Farbar) C:\Users\Khayat\Downloads\FRST64.exe
2018-01-29 14:56 - 2018-01-29 14:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-29 12:55 - 2018-01-29 12:55 - 013200813 _____ C:\Users\Khayat\Downloads\PSD by SamR.psd
2018-01-28 22:05 - 2018-01-28 22:05 - 000001255 _____ C:\Users\Khayat\AppData\Roaming\MicrosoftOneDrive.lnk
2018-01-28 20:56 - 2018-01-28 21:10 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\WinHelper32.exe
2018-01-28 20:52 - 2018-01-28 20:52 - 000000000 ___HD C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAABF70B8}
2018-01-28 20:51 - 2018-01-28 22:23 - 000000000 ___HD C:\ProgramData\MicrosoftCorporation
2018-01-28 20:51 - 2018-01-28 20:51 - 000000000 ___HD C:\ProgramData\{4FCEED6C-B7D9-405B-A844-C3DBF418BF87}
2018-01-28 20:50 - 2018-01-28 20:50 - 000025638 _____ C:\Users\Khayat\Downloads\037v6r.html
2018-01-28 20:50 - 2018-01-28 20:50 - 000025638 _____ C:\Users\Khayat\Downloads\037v6r (1).html
2018-01-28 14:31 - 2018-01-28 22:20 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\Imminent
2018-01-28 14:21 - 2018-01-28 14:21 - 006518430 _____ C:\Users\Khayat\Downloads\SwiftHack4_2 (1).rar
2018-01-28 13:02 - 2018-01-28 13:02 - 001652810 _____ C:\Users\Khayat\Downloads\fortnite_br_multihack_by_markspenc_csjoke_v022.zip
2018-01-28 08:45 - 2018-01-28 08:45 - 000000129 _____ C:\Users\Khayat\Downloads\Password.Here (1).txt
2018-01-28 08:44 - 2018-01-28 08:44 - 017380150 _____ C:\Users\Khayat\Downloads\FORTNITE+MainMod (2).rar
2018-01-28 08:28 - 2018-01-28 08:28 - 000000129 _____ C:\Users\Khayat\Downloads\Password.Here.txt
2018-01-28 08:27 - 2018-01-28 08:27 - 017380150 _____ C:\Users\Khayat\Downloads\FORTNITE+MainMod.rar
2018-01-28 08:27 - 2018-01-28 08:27 - 017380150 _____ C:\Users\Khayat\Downloads\FORTNITE+MainMod (1).rar
2018-01-27 19:48 - 2018-01-28 08:42 - 000000000 ____D C:\Users\Khayat\Desktop\Rony
2018-01-27 00:02 - 2018-01-28 22:23 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\Lib
2018-01-26 23:57 - 2018-01-26 23:57 - 006518430 _____ C:\Users\Khayat\Downloads\SwiftHack4_2.rar
2018-01-26 23:31 - 2018-01-26 04:28 - 000000232 ___SH C:\Users\Public\Libraries.ini
2018-01-25 20:37 - 2018-01-29 13:16 - 000000000 __SHD C:\Users\Khayat\wc
2018-01-25 20:37 - 2018-01-27 10:52 - 000000000 __SHD C:\Users\Khayat\AppData\Roaming\wyUpdate AU
2018-01-25 20:37 - 2018-01-25 20:37 - 000000000 ____D C:\Users\Khayat\AppData\Local\IsolatedStorage
2018-01-25 20:33 - 2018-01-25 20:37 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\Icons8
2018-01-25 20:33 - 2018-01-25 20:33 - 000003400 _____ C:\WINDOWS\System32\Tasks\Icons8 Check For Updates
2018-01-25 20:33 - 2018-01-25 20:33 - 000003288 _____ C:\WINDOWS\System32\Tasks\Icons8 Sync
2018-01-25 20:33 - 2018-01-25 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icons8
2018-01-25 20:33 - 2018-01-25 20:33 - 000000000 ____D C:\Program Files (x86)\Icons8
2018-01-25 20:31 - 2018-01-25 20:31 - 051861152 _____ (Icons8 ) C:\Users\Khayat\Downloads\Icons8Setup.exe
2018-01-24 13:24 - 2018-01-24 13:24 - 033175658 _____ C:\Users\Khayat\Downloads\Presentation Final2.pptx
2018-01-22 20:25 - 2018-01-28 22:02 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-21 16:06 - 2018-01-22 21:40 - 027690644 _____ C:\Users\Khayat\Downloads\Talent Presentation .pptx
2018-01-21 16:04 - 2018-01-21 16:05 - 020668416 _____ C:\Users\Khayat\Downloads\Talent Presentation .pptx.crdownload
2018-01-20 16:35 - 2018-01-20 16:35 - 000000000 ____H C:\Users\Khayat\Documents\Default.rdp
2018-01-20 14:58 - 2018-01-20 16:37 - 000000000 ____D C:\ProgramData\Remotr
2018-01-20 14:58 - 2018-01-20 14:58 - 000001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remotr Streamer.lnk
2018-01-20 14:58 - 2018-01-20 14:58 - 000000000 ____D C:\Program Files (x86)\Remotr
2018-01-20 14:57 - 2018-01-20 14:57 - 005420800 _____ (RemoteMyApp sp. z o.o. ) C:\Users\Khayat\Downloads\Remotr (2).exe
2018-01-20 14:21 - 2018-01-20 14:50 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\slobs-client
2018-01-20 14:21 - 2018-01-20 14:21 - 000002412 _____ C:\Users\Khayat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk
2018-01-20 14:15 - 2018-01-20 14:17 - 255623552 _____ (General Workings, Inc.) C:\Users\Khayat\Downloads\Streamlabs+OBS+Setup+0.8.5.exe
2018-01-20 09:40 - 2018-01-20 09:40 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-01-18 15:30 - 2018-01-18 15:30 - 005449979 _____ C:\Users\Khayat\Downloads\Images.zip
2018-01-13 20:47 - 2018-01-27 19:47 - 000000000 ____D C:\Users\Khayat\Desktop\Mom
2018-01-13 20:32 - 2018-01-13 20:32 - 000456385 _____ C:\Users\Khayat\Downloads\lovely_home.zip
2018-01-13 20:32 - 2018-01-13 20:32 - 000039785 _____ C:\Users\Khayat\Downloads\blacksword.zip
2018-01-13 18:20 - 2018-01-13 18:20 - 000000000 ____D C:\Users\Khayat\AppData\Local\Thalonet,_Inc._dba_Haste
2018-01-13 18:19 - 2018-01-13 18:20 - 000000000 ____D C:\Users\Public\Documents\Haste
2018-01-13 18:19 - 2018-01-13 18:19 - 010661536 _____ (Haste) C:\Users\Khayat\Downloads\HasteInstaller.exe
2018-01-13 18:19 - 2018-01-13 18:19 - 000000000 _____ C:\WINDOWS\system32\cd
2018-01-11 17:15 - 2018-01-11 17:17 - 437767331 _____ C:\Users\Khayat\Downloads\Interior_HDRI_Free_Pack_by_Maxime_Roz.zip
2018-01-03 20:35 - 2018-01-03 20:35 - 000094968 _____ C:\Users\Khayat\Downloads\cinema-4d-3d-fluff-dvd-volume-3-non-organic-modeling-w7yj3.html.torrent
2018-01-03 19:29 - 2018-01-03 19:29 - 000000000 ____D C:\Users\Khayat\Downloads\[26-12-17] - By Design (Project File)
2018-01-02 20:04 - 2018-01-02 20:04 - 000001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-01-02 20:03 - 2018-01-02 20:03 - 000000000 ____D C:\ProgramData\BlueStacks
2018-01-02 20:02 - 2018-01-02 20:04 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-01-02 16:34 - 2018-01-02 16:34 - 000000000 ____D C:\Users\Khayat\AppData\LocalLow\Boneloaf
2018-01-02 15:54 - 2018-01-02 16:05 - 477258034 _____ C:\Users\Khayat\Downloads\Gang.Beasts.v1.0.rar
2018-01-01 18:07 - 2018-01-01 18:07 - 000000000 ____D C:\Users\Khayat\AppData\Local\Red Giant
2018-01-01 18:00 - 2018-01-01 18:00 - 019504128 _____ (Red Giant LLC) C:\WINDOWS\system32\TCDesignerCore_14.dll
2018-01-01 17:58 - 2018-01-01 17:58 - 000000000 ____D C:\Users\Khayat\Downloads\TCSuite_Win_Full
2018-01-01 17:52 - 2018-01-01 17:55 - 733001225 _____ C:\Users\Khayat\Downloads\TCSuite_Win_Full.zip
2018-01-01 00:49 - 2018-01-01 00:49 - 000000000 ____D C:\Users\Khayat\Downloads\test
2018-01-01 00:47 - 2018-01-01 00:47 - 010125118 _____ C:\Users\Khayat\Downloads\test.zip
2017-12-31 16:58 - 2017-12-31 16:58 - 000050876 _____ C:\Users\Khayat\Downloads\FunctionCond_Bold.ttf
2017-12-31 16:57 - 2017-12-31 16:57 - 000050820 _____ C:\Users\Khayat\Downloads\Function_Bold.ttf
2017-12-30 21:40 - 2017-12-30 21:40 - 000254075 _____ C:\Users\Khayat\Downloads\tox_typewriter.zip
2017-12-30 14:47 - 2017-12-30 14:47 - 000000000 ____D C:\Users\Khayat\Downloads\LLOYDZ
2017-12-30 14:46 - 2017-12-30 14:46 - 002281653 _____ C:\Users\Khayat\Downloads\LLOYDZ (1).zip
2017-12-30 14:33 - 2017-12-30 14:33 - 002281653 _____ C:\Users\Khayat\Downloads\LLOYDZ.zip
2017-12-30 10:18 - 2017-12-30 10:18 - 000000000 ____D C:\Users\Khayat\Downloads\Sandy Beats
2017-12-30 10:17 - 2017-12-30 10:17 - 002784187 _____ C:\Users\Khayat\Downloads\Sandy Beats.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-29 15:06 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-29 14:59 - 2017-06-24 14:38 - 000000000 ____D C:\Users\Khayat\AppData\Local\CrashDumps
2018-01-29 14:59 - 2017-02-10 00:20 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-29 14:58 - 2017-12-01 21:46 - 001198114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-29 14:56 - 2017-06-24 14:37 - 000000000 __SHD C:\Users\Khayat\IntelGraphicsProfiles
2018-01-29 14:55 - 2017-12-01 21:23 - 000000000 ____D C:\Users\Khayat
2018-01-29 14:52 - 2017-12-01 21:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-29 14:52 - 2017-12-01 21:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-29 14:34 - 2017-06-25 21:00 - 000000000 ____D C:\Users\Khayat\AppData\Local\Battle.net
2018-01-29 14:23 - 2017-06-25 15:13 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\Spotify
2018-01-29 12:25 - 2017-06-25 15:14 - 000000000 ____D C:\Users\Khayat\AppData\Local\Spotify
2018-01-29 11:43 - 2017-06-25 21:02 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2018-01-29 11:43 - 2017-06-24 21:58 - 000000000 ____D C:\Users\Khayat\AppData\Local\Adobe
2018-01-29 11:37 - 2017-12-01 21:54 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D06AA33B-C2DE-4AB4-BB2B-72010C8DA626}
2018-01-29 11:37 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-29 11:37 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-29 11:37 - 2017-06-24 14:36 - 000000000 ____D C:\Users\Khayat\AppData\Local\Host App Service
2018-01-29 00:36 - 2017-11-18 09:01 - 000000000 ____D C:\Users\Khayat\Documents\ShareX
2018-01-28 22:23 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-28 20:56 - 2017-06-24 14:37 - 000000000 ____D C:\Users\Khayat\AppData\Local\VirtualStore
2018-01-28 20:24 - 2017-06-24 18:22 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-27 12:11 - 2017-06-25 18:33 - 000001456 _____ C:\Users\Khayat\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-01-27 10:57 - 2017-06-25 15:31 - 000000000 ____D C:\Users\Khayat\Desktop\Mike.K
2018-01-26 23:27 - 2017-06-24 14:38 - 000000000 ____D C:\Users\Khayat\AppData\Local\NVIDIA Corporation
2018-01-26 23:04 - 2017-06-26 17:34 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\.minecraft
2018-01-26 21:48 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-24 23:06 - 2017-06-24 18:18 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-24 23:06 - 2017-06-24 18:18 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-24 14:01 - 2017-12-01 21:24 - 000000000 ____D C:\Users\Khayat\AppData\Local\Packages
2018-01-24 12:57 - 2017-06-24 20:22 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 22:20 - 2017-06-25 21:06 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-01-23 20:13 - 2017-12-16 20:59 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\OctaneRender
2018-01-23 18:48 - 2017-06-24 22:40 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\obs-studio
2018-01-22 20:25 - 2017-12-01 21:16 - 000694832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-20 09:40 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-20 09:40 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-20 09:37 - 2017-11-05 16:56 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-19 21:33 - 2017-06-25 10:36 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\MAXON
2018-01-16 16:45 - 2017-11-14 12:15 - 000000000 ____D C:\Users\Khayat\AppData\Local\ElevatedDiagnostics
2018-01-13 18:19 - 2017-11-22 17:31 - 000000000 ____D C:\Users\Khayat\AppData\Local\Downloaded Installations
2018-01-13 18:07 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-12 12:47 - 2017-06-24 14:37 - 000000000 ____D C:\Users\Khayat\AppData\Local\ConnectedDevicesPlatform
2018-01-10 00:07 - 2017-08-19 14:51 - 000000000 ____D C:\Program Files\Bus Simulator 16
2018-01-09 23:17 - 2017-10-10 20:26 - 000000000 ____C C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 22:44 - 2017-06-26 11:13 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 21:57 - 2017-06-24 21:44 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\discord
2018-01-09 21:57 - 2017-06-24 21:44 - 000000000 ____D C:\Users\Khayat\AppData\Local\Discord
2018-01-09 21:13 - 2017-12-01 21:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1484636953-257239511-1633259089-1001
2018-01-09 21:12 - 2017-06-24 14:41 - 000002370 _____ C:\Users\Khayat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-09 21:12 - 2017-06-24 14:41 - 000000000 ___RD C:\Users\Khayat\OneDrive
2018-01-08 07:16 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-07 22:11 - 2017-07-03 17:47 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\BitTorrent
2018-01-06 16:15 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-06 13:46 - 2017-07-06 20:57 - 000000000 ____D C:\Users\Khayat\AppData\Local\Razer
2018-01-06 13:46 - 2017-06-24 16:56 - 000000000 ____D C:\ProgramData\Razer
2018-01-06 13:45 - 2017-07-06 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-01-06 13:44 - 2017-06-24 16:56 - 000000000 ____D C:\Program Files (x86)\Razer
2018-01-05 19:56 - 2017-10-20 22:52 - 000000033 _____ C:\Users\Khayat\AppData\Roaming\AdobeWLCMCache.dat
2018-01-05 18:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-05 08:36 - 2017-10-12 16:38 - 000000000 ____D C:\Users\Khayat\Documents\Rockstar Games
2018-01-05 08:36 - 2017-10-12 16:37 - 000000000 ____D C:\Users\Khayat\AppData\Local\Rockstar Games
2018-01-04 21:39 - 2017-09-02 19:58 - 000000000 ____D C:\Users\Khayat\AppData\Roaming\vlc
2018-01-04 21:13 - 2017-06-24 20:05 - 000000000 ___RD C:\Users\Khayat\3D Objects
2018-01-04 21:13 - 2017-02-09 23:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-04 21:07 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-04 21:07 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-04 20:02 - 2017-09-29 14:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-04 20:00 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-04 19:59 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-02 20:03 - 2017-11-25 14:28 - 000000000 ____D C:\Users\Khayat\AppData\Local\Bluestacks
2018-01-02 20:03 - 2017-11-25 14:28 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-01-01 19:03 - 2017-06-24 18:39 - 000000000 ____D C:\Users\Khayat\BrawlhallaReplays
2018-01-01 18:04 - 2017-10-18 12:40 - 000000000 ____D C:\ProgramData\Red Giant
2018-01-01 17:59 - 2017-12-01 21:54 - 000003740 _____ C:\WINDOWS\System32\Tasks\Red Giant Link
2018-01-01 17:59 - 2017-10-18 12:40 - 000000000 ____D C:\Program Files (x86)\Red Giant Link
 
==================== Files in the root of some directories =======
 
2017-07-11 12:59 - 2017-07-11 12:59 - 000000014 _____ () C:\Users\Khayat\Activation.dll
2017-10-20 22:52 - 2018-01-05 19:56 - 000000033 _____ () C:\Users\Khayat\AppData\Roaming\AdobeWLCMCache.dat
2018-01-28 22:05 - 2018-01-28 22:05 - 000001255 _____ () C:\Users\Khayat\AppData\Roaming\MicrosoftOneDrive.lnk
2017-06-25 18:33 - 2018-01-27 12:11 - 000001456 _____ () C:\Users\Khayat\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-03 15:47 - 2017-12-03 20:29 - 000007597 _____ () C:\Users\Khayat\AppData\Local\Resmon.ResmonCfg
2017-06-24 21:41 - 2017-06-24 21:41 - 000000003 _____ () C:\Users\Khayat\AppData\Local\updater.log
2017-06-24 21:41 - 2017-06-24 21:41 - 000000425 _____ () C:\Users\Khayat\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
2017-12-23 07:58 - 2017-12-23 07:58 - 047106968 _____ (SweetLabs,Inc.) C:\Users\Khayat\AppData\Local\Temp\oct6DD4.tmp.exe
2015-01-14 10:32 - 2015-01-14 10:32 - 007186992 _____ (Microsoft Corporation) C:\Users\Khayat\AppData\Local\Temp\vcredist_x64.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\MRT-KB890830.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-24 12:47
 
==================== End of FRST.txt ============================
 
 
 
Here are my Addition.txt logs:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Khayat (29-01-2018 15:11:15)
Running from C:\Users\Khayat\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-01 21:11:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1484636953-257239511-1633259089-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1484636953-257239511-1633259089-503 - Limited - Disabled)
Guest (S-1-5-21-1484636953-257239511-1633259089-501 - Limited - Disabled)
Khayat (S-1-5-21-1484636953-257239511-1633259089-1001 - Administrator - Enabled) => C:\Users\Khayat
WDAGUtilityAccount (S-1-5-21-1484636953-257239511-1633259089-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
A360 Desktop (HKLM\...\{B65CD59E-A771-4354-AA4B-C3E01B496BCD}) (Version: 8.2.3.1800 - Autodesk)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.07.2004 - Acer Incorporated)
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_0) (Version: 22.0.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Host App Service) (Version: 0.273.2.512 - SweetLabs)
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack - English (HKLM\...\{28B89EEF-1001-0409-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 - English (HKLM\...\AutoCAD 2018 - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.4.332 - Autodesk)
Autodesk Featured Apps 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
Autodesk License Service (x64) - 5.1.4 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.4.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\{6ED27C84-0000-1033-0102-D4DAEFFC23C2}) (Version: 4.0.0.28 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
BitTorrent (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.54.65.1755 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout™ Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Bus Simulator 16 (HKLM\...\YnVzc2ltdWxhdG9yMTY_is1) (Version: 1 - )
Cinema 4D 19.024 (HKLM\...\MAXONB1A7BB62) (Version: 19.024 - MAXON Computer GmbH)
Color Suite v11.1.1 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.1 - Red Giant, LLC)
Corona for Cinema 4D (HKLM\...\CoronaForC4D) (Version: B1 daily Sep 29 2017 - Render Legion a.s.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
DiRT 4 (HKLM-x32\...\DiRT 4_is1) (Version:  - )
Discord (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3019 - Acer Incorporated)
Epic Games Launcher (HKLM-x32\...\{AAA3417F-FEAD-4AF7-9C01-9FAE1BB44E3D}) (Version: 1.1.134.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto IV Episodes from Liberty City v.1.1.2.0 (HKLM-x32\...\Grand Theft Auto IV Episodes from Liberty City_is1) (Version:  - )
Grand Theft Auto IV v.1.07.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version:  - )
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HDR Light Studio 5 (HKLM-x32\...\HDR Light Studio 5) (Version: 5.2017.0313 - Lightmap LTD)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Icons8 (HKLM-x32\...\{195AC760-D5CE-47B9-99EE-E144CD7BF94A}_is1) (Version: 5.8.1.7 - Icons8)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional 2016 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 16.0.8827.2148 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
OctaneRender 3.07 (HKLM-x32\...\OctaneRender 3.07) (Version: 3.07 - OTOY)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Product Improvement Study for HP OfficeJet 4650 series (HKLM\...\{4C6A5272-AB0C-4913-8E66-C7B408C761A4}) (Version: 40.11.1122.1796 - HP Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.7.5 - Razer Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.4.17.561 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.7.26.0 - Red Giant, LLC)
Remotr version 1.3.1438 (HKLM-x32\...\Remotr_is1) (Version: 1.3.1438 - RemoteMyApp sp. z o.o.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Rules of Survival version 1.0.0 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.0.0 - Hong Kong Netease Interactive Entertainment Limited)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.0.0 - ShareX Team)
Sonic Mania (HKLM-x32\...\{B01CBC6F-72DE-4658-95AD-2135F00A8695}_is1) (Version:  - SEGA)
Spotify (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 0.8.5 (only current user) (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.8.5 - General Workings, Inc.)
Sundered (HKLM-x32\...\1116941879_is1) (Version: v. - GOG.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Trapcode Suite 14 (HKLM\...\Trapcode Suite 14 v14.0.4) (Version:  - Red Giant LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora(Build 8.2.3) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1484636953-257239511-1633259089-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1484636953-257239511-1633259089-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1484636953-257239511-1633259089-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1484636953-257239511-1633259089-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-03] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-03] (Autodesk)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxDTCM.dll [2017-02-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01A3E78D-3B7C-4BB3-9432-2F04C962AAEC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {12774B93-17FF-4759-8628-3F16A640F026} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-27] (Intel® Corporation)
Task: {148FB177-1291-4A40-A5AF-03BF33DB6C1F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
Task: {18410713-934D-4D69-A2A8-A2F94734840D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {1D2C9602-99C5-464F-89E2-03BFFA223790} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
Task: {21506326-35E6-441E-8D0E-4FCB6750BEFE} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {2502E888-4763-490C-BD80-1C0A6AC86EE0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
Task: {261EBB4A-C8D5-41C7-9579-0CD0734E36FF} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-09-13] (Acer Incorporated)
Task: {2CB4C7D7-40A4-4222-908B-768D3D08482D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {2D17D039-26E7-4F31-AEEA-16E438A416DF} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {32CBBE84-4F8F-460F-914C-0A6F30A78977} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {51EE571F-D7DC-4F79-B995-FE10F429C0FC} - System32\Tasks\Icons8 Check For Updates => C:\Program Files (x86)\Icons8\Icons8.Job.exe [2017-10-05] (Icons8 LLC)
Task: {60B1CB70-E34C-4935-B4E6-7C8B24F9D5AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {6950F976-CE8A-4395-87CF-2E8787D32C2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {7402171F-D32A-443F-AEA6-3704D391BCCF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {76EA0D43-7872-41C2-975F-67C39E7797EB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
Task: {85351625-80C0-46D1-AC7C-0BDC039E3FAF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-20] (Microsoft Corporation)
Task: {86695B88-97A1-4634-81B2-B329D45A04A8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-15] (Microsoft Corporation)
Task: {88071A8A-DDC5-4FA0-B83D-3FDC50861CDC} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-NL9QLONE-Khayat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {89B00CC3-61FD-4B91-9E1B-703AB568E0E1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-15] (Microsoft Corporation)
Task: {977DA529-8A8A-4E58-90D6-DB88E609B373} - System32\Tasks\App Explorer => C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-12-21] (SweetLabs, Inc) <==== ATTENTION
Task: {980020FA-C370-4280-B7C7-A0D775309E7B} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {9C1A1077-019C-4D09-B06F-5B43429CD7CE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-20] (Microsoft Corporation)
Task: {A95F6898-3FB2-4BF5-8357-331561F3E5CA} - System32\Tasks\Red Giant Link => C:\Program [Argument = Files (x86)\Red Giant Link\Red Giant Link.exe]
Task: {A9F26E1E-0586-4A18-98A7-66384EC92772} - System32\Tasks\Icons8 Sync => C:\Program Files (x86)\Icons8\Icons8.Sync.exe [2017-10-05] (Icons8 LLC)
Task: {B9179A9D-9119-4374-A817-56772AB87748} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {D04372A8-D63B-4F6F-8EF7-8AB78AB6177C} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {D1B76FD3-DA6A-4DAA-91D5-F0820CAAD679} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {D5251EE2-0B1B-4F13-8673-056E9303E035} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {D616242E-5246-4870-A971-087CAC08529F} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {D9BF1B2D-7020-4C88-9B70-504B19F99C05} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
Task: {DA9228A4-4ECA-4C93-9946-0577F4C021E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-24] (Google Inc.)
Task: {E4D073C6-F73F-4102-B184-6E3BE5A01E01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {EBE7D285-FF31-4211-A00D-639B3DA9C6AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-24] (Google Inc.)
Task: {F251D600-8896-4E76-AA3C-735058EF1237} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {FC353850-40C9-44D8-AE19-021E8F039EFC} - System32\Tasks\update-S-1-5-21-1484636953-257239511-1633259089-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1484636953-257239511-1633259089-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Khayat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTOY\OctaneRender 3.07\Install Octane 3.07 Daemon.lnk -> C:\Program Files\OTOY\OctaneRender 3.07\_install_daemon.bat ()
Shortcut: C:\Users\Khayat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTOY\OctaneRender 3.07\Start Octane 3.07 Daemon.lnk -> C:\Program Files\OTOY\OctaneRender 3.07\_run_installed_daemon.bat ()
Shortcut: C:\Users\Khayat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTOY\OctaneRender 3.07\Uninstall Octane 3.07 Daemon.lnk -> C:\Program Files\OTOY\OctaneRender 3.07\_uninstall_daemon.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-25 07:25 - 2017-11-16 02:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-26 01:52 - 2017-09-26 01:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-12-01 22:34 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-01 22:33 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-24 23:05 - 2018-01-24 08:48 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\libglesv2.dll
2018-01-24 23:05 - 2018-01-24 08:48 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\libegl.dll
2017-06-25 07:26 - 2017-11-16 02:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-01 21:29 - 2017-12-01 21:29 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-08-30 09:19 - 2016-08-30 09:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\Software\Classes\.scr: AutoCADScriptFile => 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\sharepoint.com -> hxxps://schulewohlen-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2017-07-10 12:22 - 000000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\Control Panel\Desktop\\Wallpaper -> c:\users\khayat\downloads\lake-aurora-3840x2160-4k-hd-wallpaper-florida-night-sky-stars-12771.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: Razer Chroma SDK Server => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UEIPSvc => 3
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\StartupApproved\Run: => "HP OfficeJet 4650 series (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{28E10DF5-24EB-4B9C-849F-71FD6B2AC20C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EB5651AC-185E-4D19-850B-221869011495}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{7F5FAE88-BB66-42BD-87BB-6FE91779DA37}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{F95C46C9-BD94-4C4D-859B-F1C963E99578}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{CA04A65C-B23B-44B6-87CC-58A4BA129659}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{9106E1C4-C861-410A-8BDB-D2106814BAF6}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{71E1FD8A-E7FF-4FD0-B620-E42AE7E0570B}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{B3D7BEFD-0510-4883-9F94-91C1EE5517BD}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{88013F77-E0B2-4E7C-AEFB-04A0A0DC7917}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9B596B5F-E6A0-4549-AB00-6E4FEE6D0E60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{16BF719B-CC2D-4A48-80C0-6AB113675118}] => (Allow) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\outlook.exe
FirewallRules: [UDP Query User{B469C8E9-F74F-4FCD-B431-E78EA7E468F2}C:\program files (x86)\looksbuilder\magic bullet photolooks.exe] => (Allow) C:\program files (x86)\looksbuilder\magic bullet photolooks.exe
FirewallRules: [TCP Query User{0064D935-D638-4B3B-80FC-1C8634CA8EC9}C:\program files (x86)\looksbuilder\magic bullet photolooks.exe] => (Allow) C:\program files (x86)\looksbuilder\magic bullet photolooks.exe
FirewallRules: [UDP Query User{5B6B2614-9F68-41EC-AA75-EFB1767EB3EE}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{239E4D3A-C4D2-4BE2-9EA1-C282516D6942}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{45A6BD25-BCB9-475F-A744-06B89F71F934}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{BFC4FC9B-080D-45B9-BC43-86E293EB36DB}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{7FDC4376-33CD-4C14-B578-AB2132852EF0}C:\users\khayat\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\khayat\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{DB9A4BED-32C4-4CAD-98D9-37DAE08CD82D}C:\users\khayat\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\khayat\appdata\local\akamai\netsession_win.exe
FirewallRules: [{8F9D2320-B48C-40B5-87CC-EE14B6FDB01F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{328C9B1D-2F5C-4BE7-921E-6DCBEAA14856}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{88E955CB-BE84-407E-9543-31717BE1ADBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RAID World War II Beta\raid_win64_d3d9_release.exe
FirewallRules: [{384280C0-2A5E-4A30-8225-BBA2EF26B177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RAID World War II Beta\raid_win64_d3d9_release.exe
FirewallRules: [UDP Query User{3E2B4982-BA1F-4BC5-BE88-4FC1371A5B0B}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{F9314F74-E6C2-41B8-9404-98886FFCC685}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{58EBF607-6880-4F53-A270-7AC80F780A6D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{7E7A6FFF-866F-4A79-88DE-A692674EF7AA}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{2B041814-E3A1-4CCF-9859-9CE460248F95}C:\users\khayat\desktop\machine world 2\machine world 2\machineworld2.exe] => (Allow) C:\users\khayat\desktop\machine world 2\machine world 2\machineworld2.exe
FirewallRules: [TCP Query User{8A1F2BE3-2137-4D9F-A389-1B29128EE3BA}C:\users\khayat\desktop\machine world 2\machine world 2\machineworld2.exe] => (Allow) C:\users\khayat\desktop\machine world 2\machine world 2\machineworld2.exe
FirewallRules: [UDP Query User{97CFCFDD-B537-4916-8DBD-CEB0160074C9}C:\users\khayat\desktop\next day survival\next day survival\nextday_game.exe] => (Allow) C:\users\khayat\desktop\next day survival\next day survival\nextday_game.exe
FirewallRules: [TCP Query User{F683B7A3-00B4-4440-B73D-0F9AD8ACBE79}C:\users\khayat\desktop\next day survival\next day survival\nextday_game.exe] => (Allow) C:\users\khayat\desktop\next day survival\next day survival\nextday_game.exe
FirewallRules: [{4D8B4180-A866-487C-99F6-28AEE6CC446A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AE89CF0F-6A53-4048-AA51-054C76EE545F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D61CEC32-AE85-4E57-873D-1D157752489B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B6912120-2F81-4BF0-8C48-FFF4C60CD8E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{2AAE3BD4-8EE7-4B85-A460-74310F475DE7}C:\users\khayat\desktop\games\simpleplanes\simpleplanes.exe] => (Allow) C:\users\khayat\desktop\games\simpleplanes\simpleplanes.exe
FirewallRules: [TCP Query User{2C4B06CA-338C-4A0C-A7BD-9735EB09EFD7}C:\users\khayat\desktop\games\simpleplanes\simpleplanes.exe] => (Allow) C:\users\khayat\desktop\games\simpleplanes\simpleplanes.exe
FirewallRules: [UDP Query User{F619C778-F03C-46E7-9BBB-A0154F409E36}C:\users\khayat\desktop\simpleplanes\simpleplanes.exe] => (Allow) C:\users\khayat\desktop\simpleplanes\simpleplanes.exe
FirewallRules: [TCP Query User{DB4E76AA-B10D-41F9-8F80-68500D2783A5}C:\users\khayat\desktop\simpleplanes\simpleplanes.exe] => (Allow) C:\users\khayat\desktop\simpleplanes\simpleplanes.exe
FirewallRules: [{9F1D4516-EF37-41DE-9307-60AEBD0A5B4E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{31075A60-FDA4-4273-ADE8-04A3A7E0A77C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B3D932AD-F454-4DD7-AEC4-7457B2096C76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{0A661E15-8142-4A98-B583-D024C589970F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{57FA9A95-8B87-480F-8213-E2E8F0D563C4}] => (Block) C:\users\khayat\desktop\games\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{794DF4F9-07CC-406D-8DA9-678EB1E370FA}] => (Block) C:\users\khayat\desktop\games\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{F66A8162-E3B7-496C-8B5F-B078048CF50F}C:\users\khayat\desktop\games\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) C:\users\khayat\desktop\games\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [TCP Query User{3B2C2271-EE0B-4097-9533-6D8A80071E74}C:\users\khayat\desktop\games\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) C:\users\khayat\desktop\games\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{C77B02E7-6FB9-4548-8CEC-B318A2E12907}] => (Block) C:\users\khayat\desktop\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{850D6AA6-B7EB-4FE6-A7B5-F23995896FE1}] => (Block) C:\users\khayat\desktop\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{46F6E867-4BDA-469E-AC0A-19C882F51645}C:\users\khayat\desktop\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) C:\users\khayat\desktop\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [TCP Query User{63AF0C26-E8BB-4106-BCAE-17391963F6B3}C:\users\khayat\desktop\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) C:\users\khayat\desktop\beamng.drive\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{D31C3F54-3378-465B-AA07-3165FBC45B0B}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{045CDFFC-E893-4D69-8DFF-DE27BB4A857F}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{8FA91B82-D038-45CB-83D4-B8B2DB3482D0}] => (Allow) C:\Users\Khayat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EA49C07A-B5B8-4AC0-8603-E3049312C98E}] => (Allow) C:\Users\Khayat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{67F7BB30-5C38-44F0-892B-2464604AD72F}] => (Allow) C:\Users\Khayat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0ABB03A9-66DE-4CCF-BEDF-C9253C9930D0}] => (Allow) C:\Users\Khayat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3CCCFA22-B387-43B2-9EEA-908B3824FE71}] => (Allow) C:\Users\Khayat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FF50C146-799B-49EC-AA4D-B7FE63EBFE8B}] => (Allow) C:\Users\Khayat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{59AC1E38-94EF-4C1D-ADED-742282A80E8B}] => (Block) C:\program files (x86)\steam\steamapps\common\argo\argo_x64.exe
FirewallRules: [{FDAD2B44-7649-4F6E-9876-565BEB76CC8D}] => (Block) C:\program files (x86)\steam\steamapps\common\argo\argo_x64.exe
FirewallRules: [UDP Query User{62B9B21B-33CF-4D56-AD47-076E892A5A0B}C:\program files (x86)\steam\steamapps\common\argo\argo_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\argo\argo_x64.exe
FirewallRules: [TCP Query User{322E19B6-25F6-427A-85DC-D473A913EC21}C:\program files (x86)\steam\steamapps\common\argo\argo_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\argo\argo_x64.exe
FirewallRules: [{F22BF039-1CF8-42EA-8914-C86D576DE0E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{A6F8CB70-9860-497C-BA01-E0A2D17D8233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8C0E81D8-A511-4DB9-8E7A-0BD1288ED1F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{82D83578-C48F-4594-8E64-DDBB314F9306}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4801BA18-CDD4-4BC3-BBA7-5CF069161E97}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF5D2A1B-F122-43B5-94C8-8D0F1EB28635}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{D519DF79-E61B-438C-A10C-3986694820A0}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{966FA3A9-506D-4413-A9AB-5A0CFEB6D932}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{EFAC24B7-95A1-470A-B93E-65EE9BC437B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{97FAB995-C631-4285-8E2B-FCA3FB3CCC61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [UDP Query User{1E8029DE-FD2C-476D-AC9E-E1A7C22FE2C0}C:\users\khayat\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khayat\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0EFDEFD8-721E-45F8-ACD4-7C1CAD09D4F1}C:\users\khayat\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khayat\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2D156277-7426-45DF-BA52-E1D90A46B384}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{DA71640F-9CBF-44EA-8FC5-D6BA68D5DBF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{09448E72-03FB-4D7E-ADA4-337A5937C4DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{47B795F5-6DD7-47FD-B544-BD1B093C368E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{913B7461-0E2D-4B3A-BC3F-FA93E8EE5577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{E43BBBD0-13BA-4854-8A44-8E6035C84C6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{151F9610-CC49-4426-8A8F-546D84C39642}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39ECB15A-9A31-49BA-89B8-BA2CF3F9F99A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{096B6884-8DCF-4A3D-9F42-0374C262DC6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D564A0FB-269B-4A4B-AB46-51900EA85A88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3B12BBF2-FB43-47C4-8166-5531BFD2E26C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{077D55FD-AD7F-46CE-937F-55E86B46F332}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{F1F30A3B-1431-4273-8ED6-74F500ED088F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{14CDB58E-8788-406B-9C7C-3CC471F00BD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{269EFAFC-A8CC-4734-B21C-A486568D5040}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{77B73CC7-6325-47EA-A932-1B1E772C73C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2947FCF3-932C-4C92-8F07-065B0629E449}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1D7F3681-43AA-462E-AD8F-4382AB8BFBFC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FD154944-75AC-4594-9F37-0AA8DF92D612}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3668050-3E86-4CF1-BE29-D375AA6413CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3650B4B0-1B1E-4834-9FF7-81B723165EE4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B815819-8226-43D6-AAA2-2286ED721FB1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{C2742D0A-FB97-4976-9530-5FBCAA66535C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9241E413-70E7-49A8-8424-DE745E78131C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CB23F4CE-30E0-40AB-B139-5E8676F18473}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{EE2EC41D-8559-4424-813D-14182E28D460}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{7488FB54-C62B-49A6-AC8A-C70C4FA2E4ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E7D012C8-A40C-473C-9585-452BDC0C40E4}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{8ED2CFFE-4958-4238-B440-21EC12C3672D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{06DB755E-9FA1-4220-8BC3-27A65A0F8431}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FDD924BE-F5CC-4F41-81DF-DC9F5A278BE0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{EC6CC3ED-83A4-4A9A-B18E-1AF9C904D0AC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{258CA97D-3807-4760-81AA-0970308EE8F7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{E513BEEC-20CA-4835-9377-08611F6F1891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{7C19B9C4-8E1F-4C70-98F7-2DA24DB71E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [TCP Query User{AFE5172E-4A94-4E1A-A5C6-BD129AAA5D45}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{C2C1B391-4671-4965-B8C3-A4BC7DBC6046}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{86FD63A0-03DD-49B9-9009-D7A27C550389}C:\users\khayat\desktop\house.flipper.beta\house flipper - beta\houseflipper.exe] => (Allow) C:\users\khayat\desktop\house.flipper.beta\house flipper - beta\houseflipper.exe
FirewallRules: [UDP Query User{A566879C-525E-44D8-91B1-8EF00B056866}C:\users\khayat\desktop\house.flipper.beta\house flipper - beta\houseflipper.exe] => (Allow) C:\users\khayat\desktop\house.flipper.beta\house flipper - beta\houseflipper.exe
FirewallRules: [{AB207848-4B87-4C22-A2A8-E2A1F3DC374B}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{293D9246-E8F2-4714-BC09-F12A328BA161}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{1F32AF11-B92F-4601-B942-714B46104EC2}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{0AFE6414-55D4-4099-B98E-51FF4B53E5BB}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{A8BEB459-D5EE-4E0C-B182-D921CC93A8BD}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{3BD548B9-11B3-4FA8-B75C-4B3BF7ED5F82}] => (Allow) LPort=5357
FirewallRules: [{A8639581-D146-4BC0-8F8F-390BC958F29F}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{64B8766E-9A7E-41A7-8AEE-967F6A8C806A}C:\users\khayat\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khayat\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{581E3D0D-7469-4A7F-8443-9E7BA1814DC1}C:\users\khayat\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khayat\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6CAE467F-5269-4FE9-8893-9A0D12BD61E3}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{3971F1BF-F271-4FE0-A0B1-34B11460A884}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{FC7ECB77-3D8B-420D-AF53-EDA946891506}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{C4EFE197-981A-4A39-AE55-8C715ED01595}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{BD1430BE-1F34-478B-A6B5-E3AA3E404FD7}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{4A0A0C8F-FF25-42C1-A136-F766AE80077A}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{4040D9A6-522A-4A84-A946-2679DD4EDCB9}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{492E7713-E1F4-4D61-947A-5E5383CA4595}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{25BEF549-91D1-4AB0-ADC8-4EAD16C65C60}C:\users\khayat\desktop\games\counter-strike global offensive\csgo.exe] => (Allow) C:\users\khayat\desktop\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{717DBFEC-2EBD-4AFB-9ED9-0E1135BA4DEA}C:\users\khayat\desktop\games\counter-strike global offensive\csgo.exe] => (Allow) C:\users\khayat\desktop\games\counter-strike global offensive\csgo.exe
FirewallRules: [{6F967D56-6CDE-4F61-B8B6-29EA155B08E2}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane.exe
FirewallRules: [{497D5D01-7BAE-4E22-B5B8-165B003AB5B3}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane.exe
FirewallRules: [{5A5FF0B2-AE3D-48BE-A4BC-CC7AFCC85AC6}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane-cli.exe
FirewallRules: [{915EE1B3-B4AB-4306-9B96-5963536A29CE}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane-cli.exe
FirewallRules: [{A51BCCA7-5A6D-46E5-8D68-38A81DA08DD0}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane_slave.exe
FirewallRules: [{6AF90510-316F-41C0-9A30-B8D1EEC10C5E}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane_slave.exe
FirewallRules: [{D80F4D2F-BF97-41AC-B2D1-D5873BFDD8D5}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane_slave_daemon.exe
FirewallRules: [{371475FF-5B36-4D67-9B75-F47E9BFACB55}] => (Allow) C:\Program Files\OTOY\OctaneRender 3.07\octane_slave_daemon.exe
FirewallRules: [TCP Query User{D8EFFD1D-AC10-43EC-AE9D-7625E8311016}C:\program files\maxon\cinema 4d r19\cinema 4d.exe] => (Allow) C:\program files\maxon\cinema 4d r19\cinema 4d.exe
FirewallRules: [UDP Query User{44A5770C-766F-4E07-AB67-D51BBEC1BF83}C:\program files\maxon\cinema 4d r19\cinema 4d.exe] => (Allow) C:\program files\maxon\cinema 4d r19\cinema 4d.exe
FirewallRules: [TCP Query User{04394955-A638-4D65-85FC-A0E95CB3FF12}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{2A37B651-E516-4503-A91A-816DFDC68933}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{6105AA87-8596-443B-915F-DAE233FBE054}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B19E2917-55DA-40EB-9BDC-1C2F1372DCAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{6188F4E8-086B-4F45-8521-D77647E92F01}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{7F86BC05-0E42-4DD2-ACCD-0AB005300D36}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{DFBD692B-75AD-45BD-AAEA-9AD0A5D0ADB6}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{C430E3B1-5EBB-4CAD-989F-143A4ECC5287}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{ADAD306A-D8FC-43B2-8B76-11DA7D2121E8}] => (Allow) C:\Users\Khayat\Desktop\LiquidSkyClient0.2.9.exe
FirewallRules: [{9AA6D174-13B5-4922-9F1D-CEB12480DB80}] => (Allow) C:\Users\Khayat\Desktop\LiquidSkyClient0.2.9.exe
FirewallRules: [TCP Query User{3813616B-B875-4B95-9058-63CF5E4E7D85}C:\users\khayat\appdata\roaming\liquidsky\lib\liquidsky.exe] => (Allow) C:\users\khayat\appdata\roaming\liquidsky\lib\liquidsky.exe
FirewallRules: [UDP Query User{7D51797D-8E17-4B1D-8251-6BE226B0CCDC}C:\users\khayat\appdata\roaming\liquidsky\lib\liquidsky.exe] => (Allow) C:\users\khayat\appdata\roaming\liquidsky\lib\liquidsky.exe
FirewallRules: [{989D5BDD-7357-4FDC-A600-64579F43A4C8}] => (Allow) C:\Users\Khayat\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{36D44141-BA47-489F-8CA7-BF3194ABECD1}] => (Allow) C:\Users\Khayat\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [TCP Query User{0A56932D-C83E-4DAB-9379-2DC6D8ECDA8C}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{0E37B4B8-BF7B-42EB-B4AE-077C56694F99}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{6385CD75-4022-4BDD-A120-60A247EF4F42}C:\users\khayat\desktop\gang.beasts.v1.0\gang beasts\gang beasts.exe] => (Allow) C:\users\khayat\desktop\gang.beasts.v1.0\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{42FE046E-6597-4649-B522-BD2C798B654B}C:\users\khayat\desktop\gang.beasts.v1.0\gang beasts\gang beasts.exe] => (Allow) C:\users\khayat\desktop\gang.beasts.v1.0\gang beasts\gang beasts.exe
FirewallRules: [{622B28E5-EE3A-4A25-B11E-D911B6A14359}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{4F2A4FC5-CAAD-4B8C-BD2D-472041C9EE80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{E7683F14-758D-4286-B425-512F19B5F458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{23D22246-B282-4C65-9081-76B7EB97F814}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{3DCE7FF1-CBD4-499F-8B20-6E2781233C12}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{4B0E1F8E-A2A3-4E5B-ACA6-1BDF02D49D6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6EBCEE81-DEBC-4767-9314-3F1504C2EC59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD24262-E5C2-438B-A90B-D42E1C35F2AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F99A2DC2-56A2-4454-A11E-CD741C708438}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5ED5692-9D90-462E-839C-304553617716}] => (Allow) C:\Program Files (x86)\Remotr\RemotrServer.exe
FirewallRules: [{3FABCA95-2912-4A97-8E10-76B78DA6862E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F5D00079-EB48-4DB1-95FC-61896273E24B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{EAD4DC73-6BB1-4775-8C94-ACF3F0A3D561}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{2F474D0E-786F-4140-B364-EE68439272A9}] => (Allow) C:\Users\Khayat\AppData\Roaming\Lib\ntskrnl.exe
FirewallRules: [{FA6605A0-3A50-425B-8C72-ADB142EE1C20}] => (Allow) C:\Users\Khayat\AppData\Roaming\Lib\ntskrnl.exe
FirewallRules: [{07532EE9-A6DB-4A72-A257-5B3D4AB00F5F}] => (Allow) C:\Users\Khayat\AppData\Roaming\Lib\ntskrnl.exe
FirewallRules: [{18E3B583-093E-4314-B3EC-23DDC681B12B}] => (Allow) C:\Users\Khayat\AppData\Roaming\Lib\ntskrnl.exe
 
==================== Restore Points =========================
 
24-01-2018 20:08:13 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/29/2018 02:58:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FubTool.exe, version: 1.0.0.0, time stamp: 0x5552d559
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xe0434352
Fault offset: 0x0000000000013fb8
Faulting process id: 0x1450
Faulting application start time: 0x01d399091259b8b4
Faulting application path: C:\OEM\Preload\FubTool\FubTool.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f9814c76-0929-42ce-92bf-5a75dd451f4f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/29/2018 02:58:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FubTool.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.File.InternalMove(System.String, System.String, Boolean)
   at FubTracking.FubFileProcess.ClearFile(Boolean)
   at FubTracking.Program.FileCreateProcess()
   at FubTracking.Program.Main(System.String[])
 
Error: (01/29/2018 11:35:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FubTool.exe, version: 1.0.0.0, time stamp: 0x5552d559
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xe0434352
Fault offset: 0x0000000000013fb8
Faulting process id: 0xd4
Faulting application start time: 0x01d398ecdadcdfe7
Faulting application path: C:\OEM\Preload\FubTool\FubTool.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: becbcc5f-36bf-4794-b157-04e082bd6339
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/29/2018 11:35:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FubTool.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.File.InternalMove(System.String, System.String, Boolean)
   at FubTracking.FubFileProcess.ClearFile(Boolean)
   at FubTracking.Program.FileCreateProcess()
   at FubTracking.Program.Main(System.String[])
 
Error: (01/29/2018 12:56:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 374282
 
Error: (01/29/2018 12:56:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 374282
 
Error: (01/29/2018 12:56:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/29/2018 12:56:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 358688
 
Error: (01/29/2018 12:56:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 358688
 
Error: (01/29/2018 12:56:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/29/2018 03:00:06 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-NL9QLONE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-NL9QLONE\Khayat SID (S-1-5-21-1484636953-257239511-1633259089-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/29/2018 02:54:43 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service cphs with arguments "Unavailable" in order to run the server:
{C41B1461-3F8C-4666-B512-6DF24DE566D1}
 
Error: (01/29/2018 02:54:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/29/2018 02:54:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
 
Error: (01/29/2018 02:54:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/29/2018 02:54:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Update service service to connect.
 
Error: (01/29/2018 02:54:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzActionSvc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/29/2018 02:54:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RzActionSvc service to connect.
 
Error: (01/29/2018 02:54:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cphs service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/29/2018 02:54:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the cphs service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-13 14:03:11.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:03:11.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:03:09.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:03:09.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:03:08.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:03:08.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:03:01.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:03:01.604
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:02:59.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-13 14:02:59.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 12%
Total physical RAM: 16252.22 MB
Available physical RAM: 14146.12 MB
Total Virtual: 18684.22 MB
Available Virtual: 16767.52 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:314.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 521B052A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
That's all. Thank you in advance.

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts

Posted 30 January 2018 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

App Explorer (HKU\S-1-5-21-1484636953-257239511-1633259089-1001\...\Host App Service) (Version: 0.273.2.512 - SweetLabs)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(SweetLabs, Inc) C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
Tcpip\..\Interfaces\{898acc7e-0c92-4f0a-8a3a-3f1d6299cc6b}: [DhcpNameServer] 40.30.1.55
S2 IntelSSTSvc; "C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe" [X]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {977DA529-8A8A-4E58-90D6-DB88E609B373} - System32\Tasks\App Explorer => C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-12-21] (SweetLabs, Inc) <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
C:\Windows\System32\Tasks\App Explorer
C:\Users\Khayat\AppData\Local\Temp\oct6DD4.tmp.exe

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

If the problem persists and you are syncing Chrome with other devices, reset it.
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

#3 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts

Posted 31 January 2018 - 06:42 AM

Hello nasdaq, thanks a lot for your help.

 

I've done as you asked; here are the Fixlog.txt logs:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Khayat (31-01-2018 12:04:45) Run:1
Running from C:\Users\Khayat\Desktop\FRST Folder
Loaded Profiles: Khayat (Available Profiles: Khayat)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(SweetLabs, Inc) C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
Tcpip\..\Interfaces\{898acc7e-0c92-4f0a-8a3a-3f1d6299cc6b}: [DhcpNameServer] 40.30.1.55
S2 IntelSSTSvc; "C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe" [X]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Khayat\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {977DA529-8A8A-4E58-90D6-DB88E609B373} - System32\Tasks\App Explorer => C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-12-21] (SweetLabs, Inc) <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
C:\Windows\System32\Tasks\App Explorer
C:\Users\Khayat\AppData\Local\Temp\oct6DD4.tmp.exe
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => Could not close process
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{898acc7e-0c92-4f0a-8a3a-3f1d6299cc6b}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\IntelSSTSvc" => removed successfully
IntelSSTSvc => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSynced" => removed successfully
"HKLM\Software\Classes\CLSID\{5CCE71FA-9F61-4F24-9CD1-98D819B40D68}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSyncing" => removed successfully
"HKLM\Software\Classes\CLSID\{C1E1456F-C2D8-4C96-870D-35F1E13941EE}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudToBeSynced" => removed successfully
"HKLM\Software\Classes\CLSID\{307523FA-DDC0-4068-983F-2A6B34627744}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
"HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}" => removed successfully
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{977DA529-8A8A-4E58-90D6-DB88E609B373} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{977DA529-8A8A-4E58-90D6-DB88E609B373}" => removed successfully
C:\WINDOWS\System32\Tasks\App Explorer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"C:\Windows\System32\Tasks\App Explorer" => not found
C:\Users\Khayat\AppData\Local\Temp\oct6DD4.tmp.exe => moved successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::7db2:af50:9f0a:86af%8
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Default Gateway . . . . . . . . . : 25.0.0.1
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
An error occurred while renewing interface Hamachi : unable to contact your DHCP server. Request has timed out.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::7db2:af50:9f0a:86af%8
   IPv4 Address. . . . . . . . . . . : 192.168.8.104
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.8.1
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Default Gateway . . . . . . . . . : 25.0.0.1
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 214529144 B
Java, Flash, Steam htmlcache => 193402842 B
Windows/system/drivers => 14267034 B
Edge => 2410624 B
Chrome => 791731827 B
Firefox => 10609152 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 13406 B
LocalService => 0 B
NetworkService => 441256 B
Khayat => 77118294848 B
 
RecycleBin => 27482 B
EmptyTemp: => 73 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:25:46 ====
 
 
I also reset Chrome as you asked, and deleted the old version of Java and installed the newest version. I will update you on how things run while I'm in-game / running Photoshop while having Chrome open. Thank you so much!

Edited by Sackboy90210, 31 January 2018 - 06:43 AM.
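
One way to triage the `target => outcome` lines of a Fixlog like the one posted above, so that entries the fix could not handle stand out for a follow-up scan. This is an added example, not part of the thread and not FRST's own code; the sample lines are excerpted from that log, and the grouping of outcome strings into failed/absent/done is an assumption based on the wording seen there, not an FRST specification.

```python
import re

# Lines excerpted from the Fixlog posted above.
SAMPLE = r'''
C:\Users\Khayat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => Could not close process
"HKLM\System\CurrentControlSet\Services\IntelSSTSvc" => removed successfully
IntelSSTSvc => service removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{977DA529-8A8A-4E58-90D6-DB88E609B373} => could not remove key. ErrorCode1: 0x00000002
C:\WINDOWS\System32\Tasks\App Explorer => moved successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"C:\Windows\System32\Tasks\App Explorer" => not found
BITS transfer queue => 7888896 B
'''

LINE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')

# Assumed grouping of the outcome wording seen in this log; first match wins.
RULES = [
    ("failed", re.compile(r"could not", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("done", re.compile(r"(removed|moved) successfully|invalid subkey removed", re.I)),
]

def classify(outcome):
    for label, pattern in RULES:
        if pattern.search(outcome):
            return label
    return "other"  # size counters, echoed fixlist entries, and so on

def triage(text):
    """Group 'target => outcome' lines of a Fixlog by result."""
    groups = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = (m["target"].strip('"'), m["outcome"])
            groups.setdefault(classify(m["outcome"]), []).append(entry)
    return groups

def needs_followup(text):
    """Targets the fix could not handle; re-check these in a fresh scan."""
    return [target for target, _ in triage(text).get("failed", [])]

if __name__ == "__main__":
    for label, items in triage(SAMPLE).items():
        print(f"{label}: {len(items)}")
    for target in needs_followup(SAMPLE):
        print("FOLLOW UP:", target)
```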


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts

Posted 06 February 2018 - 08:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



