Suspicious activity in my PC, paranoid it could be a rootkit.


  • This topic is locked
54 replies to this topic

#1 confusedangrybewilde

Posted 05 March 2018 - 12:38 PM

Hey.
I found this website while looking on the internet for solutions and similar cases to mine, but I have not found any.

A few months ago I wiped my hard drive and installed Windows 7 freshly on it. I have been quite careful but I share the computer with another person, they have their own user.

 

Recently I've seen some slowdown and loading on my computer, but nothing that isn't too out of the ordinary. Malwarebytes finds nothing every time, but the scan seems uninterrupted.
Yesterday, a friend recommended I install a second antivirus (hindsight is 20/20) so I grabbed the McAfee free trial and installed.
McAfee takes up an awful lot of memory so I considered replacing it after scanning my PC in safe mode.

It found nothing on a full scan. I switched to my PC's other user (which does not have admin permissions, must enter password for my user first.) and received an admin permissions popup for a program called "Windows Command Processor."

 

I selected no and looked online to see what the program is, only to discover that it is semi-old malware. I looked at where the file was requesting from (the dropdown menu on the admin privileges popup) and it came from SYSWOW64's cmd.exe, as well as a .bat file in McAfee.

 

I was incredibly tired and decided to just uninstall McAfee (Which absolutely came from the right website). As I uninstalled it, a suspicious cmd window popped up and vanished in an instant. This was terrifying to me.

 

I restarted and signed on to the non-admin user, discovering that the admin privilege popup was no longer appearing. My PC seemed entirely normal, with nothing found by Malwarebytes even on safe mode with the internet off.

I checked netstat to see if there were any foreign or strange IP Addresses attached to my PC, but I have trouble decoding what is normal and what is not.

Please help, if you have any idea what is going on. I am paranoid beyond belief of viruses. 
EDIT: Apologies for not having run Farbar, I can run it when I get home later today. I understand that it is likely annoying that I was unable to follow the instructions in the sticky post.


Edited by confusedangrybewilde, 05 March 2018 - 01:12 PM.



#2 confusedangrybewilde

Posted 05 March 2018 - 03:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Terence (administrator) on GENESIS (05-03-2018 15:23:03)
Running from C:\Users\Terence\Desktop
Loaded Profiles: Terence (Available Profiles: Terence & Mom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Discord Inc.) C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Discord Inc.) C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-06] (Oracle Corporation)
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Run: [Discord] => C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-685522172-1761956412-1681975708-1003\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5BADC322-34EB-4E87-AA41-B2E755BFD1FE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-21] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-21] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default [2018-03-05]
CHR Extension: (Slides) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-21]
CHR Extension: (Docs) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-21]
CHR Extension: (Google Drive) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-21]
CHR Extension: (YouTube) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-21]
CHR Extension: (uBlock Origin) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-21]
CHR Extension: (Sheets) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-21]
CHR Extension: (Gmail) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2018-01-31] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [604312 2018-01-19] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2018-01-31] (Advanced Micro Devices)
S3 cpuz143; C:\Users\Terence\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2017-12-19] (CPUID) <==== ATTENTION
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-05] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-05 15:23 - 2018-03-05 15:23 - 000011735 _____ C:\Users\Terence\Desktop\FRST.txt
2018-03-05 15:22 - 2018-03-05 15:23 - 000000000 ____D C:\FRST
2018-03-05 15:22 - 2018-03-05 15:22 - 002403328 _____ (Farbar) C:\Users\Terence\Downloads\FRST64.exe
2018-03-05 15:22 - 2018-03-05 15:22 - 002403328 _____ (Farbar) C:\Users\Terence\Desktop\FRST64.exe
2018-03-05 11:52 - 2018-03-05 11:52 - 000305685 _____ C:\Users\Mom\Downloads\SMITH, CYNTHIA (Gov) (1).pdf
2018-03-05 11:51 - 2018-03-05 11:51 - 000305685 _____ C:\Users\Mom\Downloads\SMITH, CYNTHIA (Gov).pdf
2018-03-05 00:20 - 2018-03-05 00:23 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-05 00:20 - 2018-03-05 00:20 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-05 00:19 - 2018-03-05 00:19 - 036465728 _____ (Adlice Software ) C:\Users\Mom\Downloads\setup.exe
2018-03-05 00:02 - 2018-03-05 00:02 - 008222496 _____ (Malwarebytes) C:\Users\Mom\Downloads\adwcleaner_7.0.8.0.exe
2018-03-04 23:44 - 2018-03-05 00:07 - 000000000 __RSD C:\Users\Mom\Documents\McAfee Vaults
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\LocalLow\Adobe
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\McAfee File Lock
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\CEF
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\Adobe
2018-03-04 18:38 - 2016-03-07 15:38 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2018-03-04 18:37 - 2018-03-05 00:25 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-04 18:37 - 2018-03-05 00:25 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-04 18:36 - 2018-03-05 00:25 - 000000000 ____D C:\ProgramData\McAfee
2018-03-04 18:36 - 2018-03-04 18:42 - 000000049 _____ C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
2018-03-04 09:14 - 2018-03-04 09:14 - 000185334 _____ C:\Users\Terence\Downloads\Appendix A4.jpeg
2018-03-04 09:14 - 2018-03-04 09:14 - 000164771 _____ C:\Users\Terence\Downloads\Appendix A3.jpeg
2018-03-04 09:13 - 2018-03-04 09:13 - 000159587 _____ C:\Users\Terence\Downloads\Appendix A2.jpeg
2018-03-04 07:44 - 2018-03-05 15:15 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-04 02:17 - 2018-03-04 02:18 - 000003572 _____ C:\Windows\System32\Tasks\apricot
2018-03-03 16:49 - 2018-03-03 16:49 - 000498149 _____ C:\Users\Terence\Downloads\EbonyArmorMaleNeckFix-4428-1.zip
2018-03-03 09:57 - 2018-03-03 09:57 - 000029944 _____ C:\Users\Terence\AppData\Local\recently-used.xbel
2018-03-02 15:36 - 2018-03-02 15:36 - 001222455 _____ C:\Users\Terence\Downloads\Blank+_fe7badad8d28d1931161871008be66f5.mp4
2018-02-28 21:22 - 2018-02-28 21:22 - 000194975 _____ C:\Users\Terence\Downloads\Blank+_952cdb39e475fe5d0f9e7e5454401df3.mp4
2018-02-28 21:07 - 2018-02-28 21:07 - 000541773 _____ C:\Users\Terence\Downloads\Blank+_278a6b9b43cd068c91d5f8c6d242ec47.mp4
2018-02-27 16:06 - 2018-02-27 16:06 - 014282475 _____ C:\Users\Terence\Downloads\DDLCtVN-master.zip
2018-02-26 21:10 - 2018-02-26 21:10 - 000326608 _____ C:\Users\Terence\Downloads\OurTime_Fix.rar
2018-02-26 21:06 - 2018-02-26 21:06 - 042433653 _____ C:\Users\Terence\Downloads\OurTime_demo (1).rar
2018-02-26 21:04 - 2018-02-26 21:04 - 042433653 _____ C:\Users\Terence\Downloads\OurTime_demo.rar
2018-02-26 20:53 - 2018-03-05 00:04 - 000000000 ____D C:\AdwCleaner
2018-02-26 20:03 - 2018-02-26 20:19 - 000000000 ____D C:\Users\Terence\Desktop\Cooking (1)
2018-02-26 19:24 - 2018-02-26 19:24 - 000535709 _____ C:\Users\Terence\Downloads\Blank+_006fd997ce879988cde83812ceadc3a0.mp4
2018-02-20 19:28 - 2018-02-20 19:28 - 004198826 _____ C:\Users\Terence\Documents\TrailviewProposalTerence7.pdf
2018-02-20 18:04 - 2018-02-20 18:04 - 000186655 _____ C:\Users\Terence\Downloads\image2 (1).jpeg
2018-02-20 18:04 - 2018-02-20 18:04 - 000163119 _____ C:\Users\Terence\Desktop\image3 (1).jpeg
2018-02-20 18:04 - 2018-02-20 18:04 - 000152609 _____ C:\Users\Terence\Downloads\image1 (2).jpeg
2018-02-20 17:54 - 2018-02-20 17:54 - 000220590 _____ C:\Users\Terence\Downloads\TerenceFunraising (2).pdf
2018-02-20 17:52 - 2018-02-20 17:52 - 002180852 _____ C:\Users\Terence\Downloads\image1 (1).jpeg
2018-02-20 17:50 - 2018-02-20 17:50 - 000186655 _____ C:\Users\Terence\Desktop\image2.jpeg
2018-02-20 17:50 - 2018-02-20 17:50 - 000170293 _____ C:\Users\Terence\Desktop\image4.jpeg
2018-02-20 17:50 - 2018-02-20 17:50 - 000163119 _____ C:\Users\Terence\Downloads\image3.jpeg
2018-02-20 17:50 - 2018-02-20 17:50 - 000152609 _____ C:\Users\Terence\Downloads\image1.jpeg
2018-02-20 09:07 - 2018-02-20 09:07 - 000673028 _____ C:\Users\Terence\Downloads\I+did+not+see+the+grass+at+first+so+i+_5527554dfcd9766c795b6e3e58f05698.mp4
2018-02-19 22:59 - 2018-02-19 22:59 - 000477300 _____ C:\Users\Terence\Downloads\All+righty+then+_a3b702c1287b0964d13be053a44fba62.mp4
2018-02-19 12:21 - 2018-02-19 12:22 - 000000000 ____D C:\Users\Terence\AppData\Local\Skyrim
2018-02-19 01:27 - 2018-02-19 01:27 - 000000000 ____D C:\Users\Terence\AppData\LocalLow\AMD
2018-02-19 01:25 - 2018-02-19 01:25 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-02-19 01:25 - 2018-02-19 01:25 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-02-19 01:25 - 2018-02-19 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-02-19 01:25 - 2018-02-19 01:25 - 000000000 ____D C:\Program Files (x86)\AMD
2018-02-19 01:23 - 2018-02-19 01:23 - 000000000 ____D C:\Users\Terence\AppData\Roaming\ATI
2018-02-19 01:23 - 2018-02-19 01:23 - 000000000 ____D C:\Users\Terence\AppData\Local\ATI
2018-02-19 01:23 - 2018-02-19 01:23 - 000000000 ____D C:\ProgramData\ATI
2018-02-19 01:22 - 2018-02-19 01:22 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-02-19 01:21 - 2018-02-19 01:21 - 025910000 _____ (AMD Inc.) C:\Users\Terence\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
2018-02-19 01:21 - 2018-02-19 01:21 - 000000000 ____D C:\Users\Terence\AppData\Local\RadeonSettings
2018-02-19 00:16 - 2018-02-19 00:16 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-19 00:16 - 2018-02-19 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-19 00:16 - 2018-02-19 00:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-19 00:16 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-19 00:13 - 2018-02-19 00:13 - 000220590 _____ C:\Users\Terence\Downloads\TerenceFunraising (1).pdf
2018-02-19 00:06 - 2018-02-19 01:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-19 00:06 - 2018-02-19 00:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-19 00:06 - 2018-02-19 00:06 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\772754EF.sys
2018-02-18 23:45 - 2018-02-18 23:45 - 000262144 _____ C:\Windows\Minidump\021818-13166-01.dmp
2018-02-18 02:16 - 2018-02-18 02:16 - 000262144 _____ C:\Windows\Minidump\021818-13338-01.dmp
2018-02-17 23:17 - 2018-02-17 23:18 - 006298790 _____ C:\Users\Terence\Downloads\Blank+_85ad77d4caabce86baeb33bc4eaf3ed3.mp4
2018-02-16 22:22 - 2018-02-16 22:22 - 000220590 _____ C:\Users\Terence\Downloads\TerenceFunraising.pdf
2018-02-15 16:11 - 2018-02-15 16:11 - 000000000 ____D C:\Users\Terence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-02-14 00:20 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 00:20 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 00:20 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 00:20 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 00:20 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 00:20 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 00:20 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 00:20 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 00:20 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 00:20 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 00:20 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 00:20 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 00:20 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 00:20 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 00:20 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 00:20 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 00:20 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 00:20 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 00:20 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 00:20 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 00:20 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 00:20 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 00:20 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 00:20 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 00:20 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 00:20 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 00:20 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 00:20 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 00:20 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 00:20 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 00:20 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 00:20 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 00:20 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 00:20 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 00:20 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 00:20 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 00:20 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 00:20 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 00:20 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 00:20 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 00:20 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 00:20 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 00:20 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 00:20 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 00:20 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 00:20 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 00:20 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 00:20 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 00:20 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 00:20 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 00:20 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 00:20 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 00:20 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 00:20 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 00:20 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 00:20 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 00:20 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 00:20 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 00:20 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 00:20 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 00:20 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 00:20 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 00:20 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 00:20 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 00:20 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 00:20 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 00:20 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 00:20 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 00:20 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 00:20 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 00:20 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 00:20 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 00:20 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 00:20 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 00:20 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 00:20 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 00:20 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 00:20 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 00:20 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 00:20 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 00:20 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 00:20 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 00:20 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 00:20 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 00:20 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 00:20 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 00:20 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 00:20 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 00:20 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 00:20 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 00:20 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 00:20 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 00:20 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 00:20 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 00:20 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 00:20 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 00:20 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 00:20 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 00:20 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 00:20 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 00:20 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 00:20 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 00:20 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 00:20 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 00:20 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 00:20 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 00:20 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 00:20 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 00:20 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 00:20 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 00:20 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 00:20 - 2017-12-31 21:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-02-14 00:20 - 2017-12-31 21:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-02-14 00:20 - 2017-12-31 21:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-02-14 00:20 - 2017-12-31 21:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-02-14 00:20 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-02-14 00:20 - 2017-12-31 21:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-02-14 00:20 - 2017-12-31 21:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-02-14 00:20 - 2017-12-31 21:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-02-14 00:20 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-02-14 00:20 - 2017-12-31 21:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-02-14 00:20 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-02-14 00:20 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-02-14 00:20 - 2017-12-31 20:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-02-14 00:20 - 2017-12-31 20:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-02-14 00:20 - 2017-12-31 20:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-02-14 00:20 - 2017-12-31 20:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-02-14 00:20 - 2017-12-31 20:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-02-14 00:20 - 2017-12-31 20:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-02-14 00:20 - 2017-12-31 20:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-02-14 00:20 - 2017-12-31 20:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-02-14 00:20 - 2017-12-31 20:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-02-14 00:20 - 2017-12-31 20:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-02-14 00:20 - 2017-12-31 20:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-02-14 00:20 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-02-14 00:20 - 2017-12-21 01:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-02-14 00:20 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 00:20 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 00:20 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-02-14 00:19 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 00:19 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 00:19 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-13 06:44 - 2018-02-13 06:44 - 000277128 _____ C:\Windows\Minidump\021318-16785-01.dmp
2018-02-11 16:17 - 2018-02-11 16:17 - 000961253 _____ C:\Users\Terence\Downloads\PEOPLE V. CARSON CONNERS_Final_Nov 21a.pdf
2018-02-11 15:16 - 2018-02-11 15:16 - 000745768 _____ C:\Users\Terence\Downloads\skse64_2_00_06.7z
2018-02-11 14:48 - 2018-02-11 14:48 - 000000000 ____D C:\Games
2018-02-11 14:05 - 2018-02-11 14:06 - 000000000 ____D C:\Users\Terence\Nexus
2018-02-11 13:49 - 2018-02-11 14:06 - 000000000 ____D C:\Users\Terence\AppData\Local\Black_Tree_Gaming
2018-02-11 13:49 - 2018-02-11 13:49 - 000000000 ____D C:\Users\Terence\Documents\Nexus Mod Manager
2018-02-11 13:49 - 2018-02-11 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-02-10 22:56 - 2018-02-11 13:54 - 000000000 ____D C:\Users\Terence\AppData\Local\Skyrim Special Edition
2018-02-08 17:51 - 2018-02-08 17:51 - 004199068 _____ C:\Users\Terence\Downloads\TrailviewProposalTerence4.pdf
2018-02-08 16:10 - 2018-02-08 16:10 - 000277184 _____ C:\Windows\Minidump\020818-13915-01.dmp
2018-02-06 19:39 - 2018-02-06 19:39 - 000277184 _____ C:\Windows\Minidump\020618-13260-01.dmp
2018-02-04 21:15 - 2018-02-04 21:15 - 004198826 _____ C:\Users\Terence\Downloads\TrailviewProposalTerence3.pdf
2018-02-04 19:02 - 2018-02-04 19:02 - 002760535 _____ C:\Users\Terence\Downloads\IMG_0130.jpeg
2018-02-03 22:20 - 2018-02-03 22:20 - 000277184 _____ C:\Windows\Minidump\020318-11746-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-05 15:20 - 2017-12-21 20:01 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-05 15:20 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-05 15:20 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-03-05 15:15 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-05 11:56 - 2017-12-21 19:43 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-05 11:56 - 2009-07-13 23:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-05 11:56 - 2009-07-13 23:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-04 23:42 - 2017-12-27 18:35 - 000000000 ____D C:\Users\Mom\AppData\Roaming\Adobe
2018-03-04 21:43 - 2017-12-23 03:30 - 000000000 ____D C:\Users\Terence\Desktop\garbage
2018-03-04 21:34 - 2017-12-21 03:02 - 000940426 _____ C:\Windows\ntbtlog.txt
2018-03-04 18:41 - 2009-07-13 21:34 - 000000435 _____ C:\Windows\win.ini
2018-03-04 01:03 - 2017-12-21 22:35 - 000000000 ____D C:\Users\Terence\Desktop\Eagle Project
2018-03-03 11:48 - 2017-12-26 21:24 - 000000000 ____D C:\Users\Terence\.gimp-2.8
2018-03-03 11:47 - 2018-01-14 18:11 - 000000000 ____D C:\Users\Terence\AppData\Roaming\vlc
2018-03-03 09:57 - 2017-12-26 22:16 - 000000000 ____D C:\Users\Terence\AppData\Local\gtk-2.0
2018-02-28 06:50 - 2017-12-21 20:40 - 000000024 _____ C:\Users\Terence\random.dat
2018-02-28 06:48 - 2017-12-21 20:39 - 000000024 _____ C:\Users\Terence\jagexappletviewer.preferences
2018-02-28 06:47 - 2017-12-21 20:40 - 000000046 _____ C:\Users\Terence\jagex_cl_oldschool_LIVE.dat
2018-02-27 22:04 - 2017-12-21 22:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-27 16:08 - 2018-01-11 22:38 - 000000000 ____D C:\Users\Terence\AppData\Roaming\RenPy
2018-02-24 09:20 - 2017-12-21 22:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 20:49 - 2017-12-21 19:23 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-22 20:49 - 2017-12-21 19:23 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-22 12:25 - 2017-12-21 19:37 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-19 23:05 - 2017-12-19 00:29 - 000058872 _____ C:\Users\Terence\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-19 01:27 - 2009-07-13 23:45 - 000269128 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 01:25 - 2017-12-21 19:35 - 000000000 ____D C:\Program Files\AMD
2018-02-19 01:22 - 2017-12-21 19:35 - 000000000 ____D C:\AMD
2018-02-19 00:12 - 2017-12-21 19:54 - 000007603 _____ C:\Users\Terence\AppData\Local\Resmon.ResmonCfg
2018-02-18 23:50 - 2017-12-21 21:42 - 000000000 ____D C:\Users\Terence\AppData\Roaming\discord
2018-02-18 23:45 - 2017-12-25 22:14 - 435530030 _____ C:\Windows\MEMORY.DMP
2018-02-18 23:45 - 2017-12-25 22:14 - 000000000 ____D C:\Windows\Minidump
2018-02-18 14:24 - 2017-12-21 19:51 - 000000000 ____D C:\Users\Terence\AppData\Local\ElevatedDiagnostics
2018-02-14 19:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-02-14 06:38 - 2017-12-23 14:00 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-14 01:19 - 2017-12-22 14:51 - 000000000 ____D C:\Windows\system32\MRT
2018-02-14 01:18 - 2017-12-22 14:51 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-14 01:17 - 2017-12-22 14:51 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-11 14:06 - 2017-12-18 23:51 - 000000000 ____D C:\Users\Terence
2018-02-10 19:18 - 2017-12-31 23:11 - 000000000 ____D C:\Users\Terence\Documents\My Games
2018-02-09 20:53 - 2009-07-14 00:08 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2018-03-04 18:36 - 2018-03-04 18:42 - 000000049 _____ () C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
2018-03-03 09:57 - 2018-03-03 09:57 - 000029944 _____ () C:\Users\Terence\AppData\Local\recently-used.xbel
2017-12-21 19:54 - 2018-02-19 00:12 - 000007603 _____ () C:\Users\Terence\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-03-05 00:20 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Users\Terence\AppData\Local\Temp\dllnt_dump.dll
2018-02-18 04:41 - 2018-02-18 04:41 - 067651432 _____ (Malwarebytes                                                ) C:\Users\Terence\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3976.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-27 18:50
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Terence (05-03-2018 15:23:23)
Running from C:\Users\Terence\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-12-19 04:51:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-685522172-1761956412-1681975708-500 - Administrator - Disabled)
Guest (S-1-5-21-685522172-1761956412-1681975708-501 - Limited - Disabled)
Mom (S-1-5-21-685522172-1761956412-1681975708-1003 - Limited - Enabled) => C:\Users\Mom
Terence (S-1-5-21-685522172-1761956412-1681975708-1000 - Administrator - Enabled) => C:\Users\Terence
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (HKLM\...\{A8D361C1-CAE4-C33F-B3F8-FD75468245B3}) (Version: 2018.0131.1828.35 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Discord (HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
RogueKiller version 12.12.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.6.0 - Adlice Software)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-685522172-1761956412-1681975708-1000_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3138BF59-B340-4CEB-8B5D-5A6E70E3B3C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {379C4932-E42E-4662-B0EA-8BE8F98E20E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {876132D5-3CB7-468E-9117-206BE3169DB2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {9194E470-3F45-46AD-A41D-2DC86EA3BE1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {9F23CFB2-B8ED-4094-9D16-3E4F2424A4DB} - System32\Tasks\apricot => C:\Program Files\PeerBlock\peerblock.exe
Task: {CFB10B96-8D86-41CE-BA02-319069B264CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {DDB17D81-7B26-4269-BC29-2EF8A8399205} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-02-19 00:16 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-02-22 20:49 - 2018-02-21 22:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-22 20:49 - 2018-02-21 22:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2017-12-06 18:26 - 2018-01-31 19:11 - 000357256 _____ () C:\Windows\SysWOW64\GameManager32.dll
2017-12-21 20:02 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-12-21 20:02 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-21 20:02 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-12-21 20:02 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-21 20:02 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-21 20:02 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-12-21 20:02 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-08 21:49 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Terence\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 06:47 - 2018-02-09 21:07 - 001780216 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2017-12-21 20:03 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-12-21 20:03 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-12-21 20:02 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-01-08 21:49 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Terence\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-08 21:49 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Terence\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 06:47 - 2018-01-26 06:48 - 009817080 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 06:47 - 2018-02-01 00:27 - 001508344 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 06:47 - 2018-01-09 06:47 - 000513016 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 06:47 - 2018-01-09 06:47 - 002662904 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 06:47 - 2018-02-01 00:27 - 001518072 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 06:47 - 2018-01-09 06:47 - 002749944 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Terence\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B0CCD1F0-30AB-4B44-88B2-82A59BC7EE6D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E3C1843F-6922-4674-9407-19AF64304057}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC793208-BE0A-42F4-83F1-D44B0408383B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B0EC089-66CA-45DD-BAD2-4DF88C88CC24}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8EA6FB6B-E61F-43FF-A351-9ECE1CA2235B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D6D5F390-16EF-4506-AAD8-92DD7853B9E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1A3E1D02-182C-4710-BBE5-7541532BA54E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe
FirewallRules: [{BC7A289E-ED2E-46AD-AA46-75B8375796FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe
FirewallRules: [{976C6DD6-B3E1-4279-A6EC-C39EE67F87EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{329EB0EA-8904-4AA8-937E-911365CECCD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{AE41B566-6A18-4C97-A97B-84527B12265A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Night in the Woods\Night in the Woods.exe
FirewallRules: [{789E6E68-D2B9-4C52-912E-9F916F585E37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Night in the Woods\Night in the Woods.exe
FirewallRules: [{10718216-1EFE-414C-9AE6-6874F609E572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ConfessMyLove\Game.exe
FirewallRules: [{1A1AB3D6-FD8F-48A7-A980-FFDDA004432A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ConfessMyLove\Game.exe
FirewallRules: [{CF4ACC8A-478E-4F4E-8647-A7FA15FFEA3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Killing Time\Game.exe
FirewallRules: [{04120355-6A2B-4DE0-A105-95F2F939A102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Killing Time\Game.exe
FirewallRules: [{66977ECA-2ED4-4D51-9818-23E0774D695A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Elf\Game.exe
FirewallRules: [{38F0F2A6-DE1D-4B30-BFCF-17CB133A3EEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Elf\Game.exe
FirewallRules: [{F334BC39-6534-4480-BEB2-2FBCD1AAFE19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Girls and Dungeons\Game.exe
FirewallRules: [{E82AE2FD-1D6A-4A84-865F-DC4E468B1628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Girls and Dungeons\Game.exe
FirewallRules: [{9B108A87-6A6B-4D2A-BA40-6D7177C2F7DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror\game.exe
FirewallRules: [{CA7D54FD-77EF-4576-A9C5-A49E0B755316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror\game.exe
FirewallRules: [{C9B6DE78-1D7A-49E8-B12E-14146758DFAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Heiress\Game.exe
FirewallRules: [{9C3AF474-353E-44C5-9258-DFE6D22F633B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Heiress\Game.exe
FirewallRules: [{47BCB98D-0EED-4938-B38A-BCC7B6232173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Meltys Quest\nw.exe
FirewallRules: [{FCAD2E5D-5A03-416D-BBE0-60253C2AE59F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Meltys Quest\nw.exe
FirewallRules: [{A509BF0C-A9D0-4D84-8758-F33CA10ED49B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{51B78B3F-39F1-4C55-9A2A-F4DC2CF19186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{1155FF7F-218F-4B31-8821-EBFA4D761C39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{E53CBA61-8BD4-4951-905D-534E0CCF5D25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{6E5D1DB9-ECB5-4CA1-A8D3-118DEDF52937}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{870455FA-F020-409C-B538-3805E04A106F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{6BF8490C-91B2-4013-BE62-602160E6F358}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{2AEBC0B4-E106-4B41-8374-9DC16467DD67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{5B53797F-8273-43E1-89EE-DB54F50E7E81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{F9A2D77F-847E-4F69-82F2-3EF0AF7CC9EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{17988362-EC9B-4D5A-856A-FC867A842950}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B0F45FB2-DCBA-42CE-9509-C96EFA39B936}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{EE68D06C-F337-4C7A-B04A-2B560BE38A8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{5C939B39-EAE9-46D1-96C9-CB623CF8D4F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{8D099482-A181-4E0B-B723-93A32CFEC7EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{4BF87546-4CF4-4FD4-9443-8CFD0DCA7F09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{9F70EFD7-145E-4132-95C8-26158B789D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{2839F406-4B25-4A59-9688-D365A3061E41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{67756D07-54C1-41BE-B1EF-7E191DB3EB83}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{DEF4979E-FE6B-44B4-BC75-46BE37A7E75B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F840E550-ECB8-4762-A92A-695058596470}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FA8A65A-1C41-45F0-951F-D7EF301FBAAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1B67FAA-5D05-429C-88F7-A63C1A569C7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6815FE64-6F8E-42DA-80BE-B68FD6DD13E5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A21A61D0-A4F1-493E-B710-E141B0473665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{4BFB9FBF-6522-44FF-B9D6-6D49A2D5BD3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{67E70F0B-7545-4CA1-894D-BEC953CDBB4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{A659C13B-D4FA-4210-B73C-AE39B601308A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{0C65653A-CC45-48D5-80B7-47E44FC0967B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{1CEDCBA8-8778-40AE-9DA0-BC634FC1AFFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{0362C3DE-A1BD-4BB5-9544-4C40A93A99D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{534AFB44-B245-4FBF-B258-E3717798632D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{2C55EEBC-0B15-4CBA-B76E-F76172C4A093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker VX\RPGVX.exe
FirewallRules: [{A49C56C7-7E6E-4A57-9D85-4520B5DC746F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker VX\RPGVX.exe
FirewallRules: [{4EC9C4FE-8C20-446A-905C-A0F547079B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{1232D746-D0C0-482C-A85D-8A6F8072B3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{462DC4E1-6B0A-467C-84A9-181B905F9D22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{10D9C22E-FA62-494A-B15A-0EDAAB307ACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{194F4B6E-1E79-416A-A68F-E064DAE15CA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{90980ED7-7E2C-41F4-B924-24353CD097CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{DC8229D5-852B-4776-AC6E-140D733E5054}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
22-02-2018 12:24:10 Windows Update
27-02-2018 06:56:31 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2018 03:17:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/05/2018 11:51:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/05/2018 06:38:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/05/2018 12:26:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/05/2018 12:06:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/04/2018 11:40:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/04/2018 09:36:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/04/2018 08:59:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (03/05/2018 06:59:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (03/05/2018 12:27:04 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/05/2018 12:18:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (03/05/2018 12:04:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (03/05/2018 12:04:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (03/05/2018 12:03:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/05/2018 12:03:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/05/2018 12:03:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8144.97 MB
Available physical RAM: 5760.28 MB
Total Virtual: 20359.14 MB
Available Virtual: 17122.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:655.95 GB) NTFS
 
\\?\Volume{98ddbfc3-e477-11e7-92d1-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B1E03AA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,851 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 06 March 2018 - 07:29 AM

confusedangrybewilde:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two, but I do hope to respond later today.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 confusedangrybewilde


Posted 06 March 2018 - 07:48 AM

Thanks, Phil! 

My first name is Terence. (You may have noticed in those files.) Yeah, it's spelled like that. Kinda weird, I know.

 

Additionally, I have noticed a strange background program with no name and no icon that appears when I shut down. I'm not sure if it's Steam or not, but I can try and get a picture for you when I get back home today. I think I remember it vanishing when I close Steam *before* I shut down, so I figured it was just some remnant program.

 

There's a storm coming up tomorrow and if I don't respond for a day or two (or twenty), that's because the internet was cut. I don't think the (possible) rootkit could get worse over time, unless whoever is (potentially) remotely accessing my PC just gets fed up or something.


Edited by confusedangrybewilde, 06 March 2018 - 07:50 AM.


#5 garioch7


Posted 06 March 2018 - 08:10 AM

Terence:

Thank you for your post and for permission to address you by your first name! Thank you also for the "heads-up" that you might lose Internet access. The storm is not supposed to be that bad here in Cape Breton, Nova Scotia, Canada. I hope that it does not hit you too hard!

I noticed immediately when I started analyzing your FRST logs, that you were unsuccessful in completely uninstalling McAfee, which is not unusual.

.

Step 1: You have not completely uninstalled McAfee, which can be difficult to remove completely.
 

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)

Please follow these instructions from the McAfee website. I would recommend running the McAfee Consumer Product Removal (MCPR) tool (Step 2) after uninstalling it using Windows and having first rebooted your computer. Reboot your computer again after the MCPR tool has run, and McAfee should be gone.

.

Step 2: Please provide me with a fresh set of FRST logs so that I can verify that McAfee was completely removed; or, if not, provide you with a FRST "fixlist" script to remove any remnants that I find in the new FRST logs.

.

I hope to have an initial FRST "fixlist" script for you in a few hours. Thank you for your patience and have a great day.

Regards,
-Phil




#6 garioch7


Posted 06 March 2018 - 09:31 AM

Terence:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-685522172-1761956412-1681975708-1003\User: Restriction <==== ATTENTION
File: C:\Users\Terence\AppData\Local\Temp\cpuz143\cpuz143_x64.sys
File: C:\Users\Terence\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
End::

  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Step 2: Once you have uninstalled McAfee completely, as directed in my previous post, here, please provide me with a fresh set of FRST logs. Please copy and paste them into your reply.

.

Thank you and have a great day.

Regards,
-Phil




#7 confusedangrybewilde


Posted 06 March 2018 - 12:23 PM

Thanks, Phil! I'll run this the moment I get home. I'll be about 3 hours.
My only question is what cpuz143_x64.sys is?

On top of that, I don't think there's anything harmful in the Radeon drivers setup exe (I had to replace my old drivers after I reinstalled Windows).

But I will follow your judgement if it helps.


Edited by confusedangrybewilde, 06 March 2018 - 12:35 PM.
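
The question above concerns a driver entry that the FRST log in this thread lists as a stopped, demand-start driver whose image sits under the user's Temp folder. The following Python is an added example, not part of the thread and not FRST's own logic: it parses FRST Services/Drivers lines and attaches review findings to each. The list of user-writable path markers, the finding labels and the function names are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Sample input: four entries copied from the Services and Drivers sections of
# the FRST log posted in this thread.
SAMPLE = r"""
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2018-01-31] (Advanced Micro Devices) [File not signed]
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2018-01-31] (Advanced Micro Devices)
S3 cpuz143; C:\Users\Terence\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2017-12-19] (CPUID) <==== ATTENTION
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-06] (Malwarebytes)
"""

# Windows service start types: the digit that follows the state letter.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption of this example: directories a standard user can normally write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# "<state><start> <name>; <rest>", where state is R(unning), S(topped) or U.
HEAD = re.compile(r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.+)$")
# The "[size date]" field ends the path; company and markers may follow it.
META = re.compile(
    r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<company>.*?)\))?(?P<flags>.*)$"
)


@dataclass
class Entry:
    name: str
    running: bool
    start: str
    path: str
    size: int
    company: str
    flags: str
    findings: list = field(default_factory=list)


def parse_entry(line):
    """Parse one Services/Drivers line; return None for anything else."""
    head = HEAD.match(line.strip())
    if head is None:
        return None
    rest = head["rest"]
    meta = META.search(rest)
    if meta is None:
        # No "[size date]" field on the line: keep the remainder as the path.
        return Entry(head["name"], head["state"] == "R",
                     START_TYPES[int(head["start"])], rest, 0, "", "")
    return Entry(
        name=head["name"],
        running=head["state"] == "R",
        start=START_TYPES[int(head["start"])],
        path=rest[:meta.start()],
        size=int(meta["size"]),
        company=meta["company"] or "",
        flags=meta["flags"].strip(),
    )


def triage(log_text):
    """Return every parsed entry with a list of review findings attached."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        low = entry.path.lower()
        if any(marker in low for marker in USER_WRITABLE):
            kind = "kernel driver" if low.endswith(".sys") else "service binary"
            entry.findings.append(f"{kind} image in a user-writable path")
        if "[File not signed]" in entry.flags:
            entry.findings.append("file not signed")
        if "ATTENTION" in entry.flags:
            entry.findings.append("marked ATTENTION by FRST")
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        state = "running" if e.running else "stopped"
        print(f"{e.name:14} {state:8} {e.start:8} {'; '.join(e.findings) or 'no findings'}")
```

A finding here is a prompt for review, not a verdict: the Fixlog later in this thread reports the cpuz143 file as digitally signed, with company name CPUID.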


#8 garioch7


Posted 06 March 2018 - 12:40 PM

Terence:

 

Thank you for your post.  I admire your enthusiasm, but you don't need to rush to respond.  You and I are both only expected to respect the 48-hour response time guideline.

 

I will probably not be online when you respond back later today, but I will be back online tomorrow, probably late morning or early afternoon, so take your time.

 

I will comment that your enthusiasm is a welcome change from some people who have to be repeatedly "bumped" to carry out the instructions given to disinfect THEIR computers! :)

 

Have a great day, and I will talk to you later today, or tomorrow.

 

Regards,

-Phil




#9 confusedangrybewilde


Posted 06 March 2018 - 03:36 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Terence (06-03-2018 15:31:25) Run:1
Running from C:\Users\Terence\Desktop
Loaded Profiles: Terence (Available Profiles: Terence & Mom)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-685522172-1761956412-1681975708-1003\User: Restriction <==== ATTENTION
File: C:\Users\Terence\AppData\Local\Temp\cpuz143\cpuz143_x64.sys
File: C:\Users\Terence\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-685522172-1761956412-1681975708-1003\User => moved successfully
 
========================= File: C:\Users\Terence\AppData\Local\Temp\cpuz143\cpuz143_x64.sys ========================
 
C:\Users\Terence\AppData\Local\Temp\cpuz143\cpuz143_x64.sys
File is digitally signed
MD5: 22CA5FE8FB0E5E22E6FB0848108C03F4
Creation and modification date: 2017-12-19 22:02 - 2017-12-19 22:02
Size: 000048952
Attributes: ----A
Company Name: CPUID
Internal Name: cpuz.sys
Original Name: cpuz.sys
Product: CPUID service
Description: CPUID Driver
File Version: 6.1.7600.16385 built by: WinDDK
Product Version: 6.1.7600.16385
Copyright: Copyright© 2017 CPUID
 
====== End of File: ======
 
 
========================= File: C:\Users\Terence\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe ========================
 
C:\Users\Terence\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
File is digitally signed
MD5: 50B583D043088C6CB6AFD1404DEA5699
Creation and modification date: 2018-02-19 01:21 - 2018-02-19 01:21
Size: 025910000
Attributes: ----A
Company Name: AMD Inc.
Internal Name: 
Original Name: 
Product: Radeon Software Adrenalin
Description: Radeon Software Adrenalin
File Version: 18.2.1.0
Product Version: 
Copyright: AMD Inc.
 
====== End of File: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 15:31:42 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Terence (administrator) on GENESIS (06-03-2018 15:34:11)
Running from C:\Users\Terence\Desktop
Loaded Profiles: Terence (Available Profiles: Terence & Mom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Discord Inc.) C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Discord Inc.) C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-06] (Oracle Corporation)
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Run: [Discord] => C:\Users\Terence\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5BADC322-34EB-4E87-AA41-B2E755BFD1FE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-21] (Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-21] (Oracle Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default [2018-03-06]
CHR Extension: (Slides) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-21]
CHR Extension: (Docs) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-21]
CHR Extension: (Google Drive) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-21]
CHR Extension: (YouTube) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-21]
CHR Extension: (uBlock Origin) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-21]
CHR Extension: (Sheets) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-21]
CHR Extension: (Gmail) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-22]
CHR Profile: C:\Users\Terence\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2018-01-31] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2018-01-31] (Advanced Micro Devices)
S3 cpuz143; C:\Users\Terence\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2017-12-19] (CPUID) <==== ATTENTION
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-06] (Malwarebytes)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 15:31 - 2018-03-06 15:31 - 000002563 _____ C:\Users\Terence\Desktop\Fixlog.txt
2018-03-06 15:28 - 2018-03-06 15:28 - 010593688 _____ (McAfee, Inc.) C:\Users\Terence\Desktop\MCPR.exe
2018-03-06 15:26 - 2018-03-06 15:26 - 002403328 _____ (Farbar) C:\Users\Terence\Desktop\FRST64.exe
2018-03-05 22:10 - 2018-03-05 22:10 - 000034852 _____ C:\Users\Terence\AppData\Local\recently-used.xbel
2018-03-05 15:23 - 2018-03-06 15:34 - 000009645 _____ C:\Users\Terence\Desktop\FRST.txt
2018-03-05 15:23 - 2018-03-05 15:23 - 000031047 _____ C:\Users\Terence\Desktop\Addition.txt
2018-03-05 15:22 - 2018-03-06 15:34 - 000000000 ____D C:\FRST
2018-03-05 15:22 - 2018-03-05 15:22 - 002403328 _____ (Farbar) C:\Users\Terence\Downloads\FRST64.exe
2018-03-05 11:52 - 2018-03-05 11:52 - 000305685 _____ C:\Users\Mom\Downloads\SMITH, CYNTHIA (Gov) (1).pdf
2018-03-05 11:51 - 2018-03-05 11:51 - 000305685 _____ C:\Users\Mom\Downloads\SMITH, CYNTHIA (Gov).pdf
2018-03-05 00:20 - 2018-03-05 00:23 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-05 00:20 - 2018-03-05 00:20 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-05 00:19 - 2018-03-05 00:19 - 036465728 _____ (Adlice Software ) C:\Users\Mom\Downloads\setup.exe
2018-03-05 00:02 - 2018-03-05 00:02 - 008222496 _____ (Malwarebytes) C:\Users\Mom\Downloads\adwcleaner_7.0.8.0.exe
2018-03-04 23:44 - 2018-03-05 00:07 - 000000000 __RSD C:\Users\Mom\Documents\McAfee Vaults
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\LocalLow\Adobe
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\McAfee File Lock
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\CEF
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\Adobe
2018-03-04 18:36 - 2018-03-04 18:42 - 000000049 _____ C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
2018-03-04 09:14 - 2018-03-04 09:14 - 000185334 _____ C:\Users\Terence\Downloads\Appendix A4.jpeg
2018-03-04 09:14 - 2018-03-04 09:14 - 000164771 _____ C:\Users\Terence\Downloads\Appendix A3.jpeg
2018-03-04 09:13 - 2018-03-04 09:13 - 000159587 _____ C:\Users\Terence\Downloads\Appendix A2.jpeg
2018-03-04 07:44 - 2018-03-06 15:32 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-04 02:17 - 2018-03-04 02:18 - 000003572 _____ C:\Windows\System32\Tasks\apricot
2018-03-03 16:49 - 2018-03-03 16:49 - 000498149 _____ C:\Users\Terence\Downloads\EbonyArmorMaleNeckFix-4428-1.zip
2018-03-02 15:36 - 2018-03-02 15:36 - 001222455 _____ C:\Users\Terence\Downloads\Blank+_fe7badad8d28d1931161871008be66f5.mp4
2018-02-28 21:22 - 2018-02-28 21:22 - 000194975 _____ C:\Users\Terence\Downloads\Blank+_952cdb39e475fe5d0f9e7e5454401df3.mp4
2018-02-28 21:07 - 2018-02-28 21:07 - 000541773 _____ C:\Users\Terence\Downloads\Blank+_278a6b9b43cd068c91d5f8c6d242ec47.mp4
2018-02-27 16:06 - 2018-02-27 16:06 - 014282475 _____ C:\Users\Terence\Downloads\DDLCtVN-master.zip
2018-02-26 21:10 - 2018-02-26 21:10 - 000326608 _____ C:\Users\Terence\Downloads\OurTime_Fix.rar
2018-02-26 21:06 - 2018-02-26 21:06 - 042433653 _____ C:\Users\Terence\Downloads\OurTime_demo (1).rar
2018-02-26 21:04 - 2018-02-26 21:04 - 042433653 _____ C:\Users\Terence\Downloads\OurTime_demo.rar
2018-02-26 20:53 - 2018-03-05 00:04 - 000000000 ____D C:\AdwCleaner
2018-02-26 20:03 - 2018-02-26 20:19 - 000000000 ____D C:\Users\Terence\Desktop\Cooking (1)
2018-02-26 19:24 - 2018-02-26 19:24 - 000535709 _____ C:\Users\Terence\Downloads\Blank+_006fd997ce879988cde83812ceadc3a0.mp4
2018-02-20 19:28 - 2018-02-20 19:28 - 004198826 _____ C:\Users\Terence\Documents\TrailviewProposalTerence7.pdf
2018-02-20 18:04 - 2018-02-20 18:04 - 000186655 _____ C:\Users\Terence\Downloads\image2 (1).jpeg
2018-02-20 18:04 - 2018-02-20 18:04 - 000152609 _____ C:\Users\Terence\Downloads\image1 (2).jpeg
2018-02-20 17:54 - 2018-02-20 17:54 - 000220590 _____ C:\Users\Terence\Downloads\TerenceFunraising (2).pdf
2018-02-20 17:52 - 2018-02-20 17:52 - 002180852 _____ C:\Users\Terence\Downloads\image1 (1).jpeg
2018-02-20 17:50 - 2018-02-20 17:50 - 000163119 _____ C:\Users\Terence\Downloads\image3.jpeg
2018-02-20 17:50 - 2018-02-20 17:50 - 000152609 _____ C:\Users\Terence\Downloads\image1.jpeg
2018-02-20 09:07 - 2018-02-20 09:07 - 000673028 _____ C:\Users\Terence\Downloads\I+did+not+see+the+grass+at+first+so+i+_5527554dfcd9766c795b6e3e58f05698.mp4
2018-02-19 22:59 - 2018-02-19 22:59 - 000477300 _____ C:\Users\Terence\Downloads\All+righty+then+_a3b702c1287b0964d13be053a44fba62.mp4
2018-02-19 12:21 - 2018-02-19 12:22 - 000000000 ____D C:\Users\Terence\AppData\Local\Skyrim
2018-02-19 01:27 - 2018-02-19 01:27 - 000000000 ____D C:\Users\Terence\AppData\LocalLow\AMD
2018-02-19 01:25 - 2018-02-19 01:25 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-02-19 01:25 - 2018-02-19 01:25 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-02-19 01:25 - 2018-02-19 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-02-19 01:25 - 2018-02-19 01:25 - 000000000 ____D C:\Program Files (x86)\AMD
2018-02-19 01:23 - 2018-02-19 01:23 - 000000000 ____D C:\Users\Terence\AppData\Roaming\ATI
2018-02-19 01:23 - 2018-02-19 01:23 - 000000000 ____D C:\Users\Terence\AppData\Local\ATI
2018-02-19 01:23 - 2018-02-19 01:23 - 000000000 ____D C:\ProgramData\ATI
2018-02-19 01:22 - 2018-02-19 01:22 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-02-19 01:21 - 2018-02-19 01:21 - 025910000 _____ (AMD Inc.) C:\Users\Terence\Downloads\radeon-adrenalin-18.2.1-minimalsetup-180206_64bit.exe
2018-02-19 01:21 - 2018-02-19 01:21 - 000000000 ____D C:\Users\Terence\AppData\Local\RadeonSettings
2018-02-19 00:16 - 2018-02-19 00:16 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-19 00:16 - 2018-02-19 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-19 00:16 - 2018-02-19 00:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-19 00:16 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-19 00:13 - 2018-02-19 00:13 - 000220590 _____ C:\Users\Terence\Downloads\TerenceFunraising (1).pdf
2018-02-19 00:06 - 2018-02-19 01:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-19 00:06 - 2018-02-19 00:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-19 00:06 - 2018-02-19 00:06 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\772754EF.sys
2018-02-18 23:45 - 2018-02-18 23:45 - 000262144 _____ C:\Windows\Minidump\021818-13166-01.dmp
2018-02-18 02:16 - 2018-02-18 02:16 - 000262144 _____ C:\Windows\Minidump\021818-13338-01.dmp
2018-02-17 23:17 - 2018-02-17 23:18 - 006298790 _____ C:\Users\Terence\Downloads\Blank+_85ad77d4caabce86baeb33bc4eaf3ed3.mp4
2018-02-16 22:22 - 2018-02-16 22:22 - 000220590 _____ C:\Users\Terence\Downloads\TerenceFunraising.pdf
2018-02-15 16:11 - 2018-02-15 16:11 - 000000000 ____D C:\Users\Terence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-02-14 00:20 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 00:20 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 00:20 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 00:20 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 00:20 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 00:20 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 00:20 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 00:20 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 00:20 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 00:20 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 00:20 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 00:20 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 00:20 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 00:20 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 00:20 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 00:20 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 00:20 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 00:20 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 00:20 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 00:20 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 00:20 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 00:20 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 00:20 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 00:20 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 00:20 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 00:20 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 00:20 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 00:20 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 00:20 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 00:20 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 00:20 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 00:20 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 00:20 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 00:20 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 00:20 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 00:20 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 00:20 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 00:20 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 00:20 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 00:20 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 00:20 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 00:20 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 00:20 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 00:20 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 00:20 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 00:20 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 00:20 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 00:20 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 00:20 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 00:20 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 00:20 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 00:20 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 00:20 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 00:20 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 00:20 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 00:20 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 00:20 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 00:20 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 00:20 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 00:20 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 00:20 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 00:20 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 00:20 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 00:20 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 00:20 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 00:20 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 00:20 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 00:20 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 00:20 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 00:20 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 00:20 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 00:20 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 00:20 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 00:20 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 00:20 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 00:20 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 00:20 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 00:20 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 00:20 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 00:20 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 00:20 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 00:20 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 00:20 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 00:20 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 00:20 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 00:20 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 00:20 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 00:20 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 00:20 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 00:20 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 00:20 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 00:20 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 00:20 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 00:20 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 00:20 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 00:20 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 00:20 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 00:20 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 00:20 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 00:20 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 00:20 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 00:20 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 00:20 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 00:20 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 00:20 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 00:20 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 00:20 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 00:20 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 00:20 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 00:20 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 00:20 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 00:20 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 00:20 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 00:20 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 00:20 - 2017-12-31 21:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-02-14 00:20 - 2017-12-31 21:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-02-14 00:20 - 2017-12-31 21:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-02-14 00:20 - 2017-12-31 21:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-02-14 00:20 - 2017-12-31 21:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-02-14 00:20 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-02-14 00:20 - 2017-12-31 21:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-02-14 00:20 - 2017-12-31 21:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-02-14 00:20 - 2017-12-31 21:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-02-14 00:20 - 2017-12-31 21:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-02-14 00:20 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-02-14 00:20 - 2017-12-31 21:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-02-14 00:20 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-02-14 00:20 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-02-14 00:20 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-02-14 00:20 - 2017-12-31 20:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-02-14 00:20 - 2017-12-31 20:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-02-14 00:20 - 2017-12-31 20:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-02-14 00:20 - 2017-12-31 20:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-02-14 00:20 - 2017-12-31 20:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-02-14 00:20 - 2017-12-31 20:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-02-14 00:20 - 2017-12-31 20:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-02-14 00:20 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-02-14 00:20 - 2017-12-31 20:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-02-14 00:20 - 2017-12-31 20:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-02-14 00:20 - 2017-12-31 20:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-02-14 00:20 - 2017-12-31 20:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-02-14 00:20 - 2017-12-31 20:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-02-14 00:20 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-02-14 00:20 - 2017-12-21 01:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-02-14 00:20 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 00:20 - 2017-12-05 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 00:20 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 00:20 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 00:20 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-02-14 00:19 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 00:19 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 00:19 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 00:19 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-13 06:44 - 2018-02-13 06:44 - 000277128 _____ C:\Windows\Minidump\021318-16785-01.dmp
2018-02-11 16:17 - 2018-02-11 16:17 - 000961253 _____ C:\Users\Terence\Downloads\PEOPLE V. CARSON CONNERS_Final_Nov 21a.pdf
2018-02-11 15:16 - 2018-02-11 15:16 - 000745768 _____ C:\Users\Terence\Downloads\skse64_2_00_06.7z
2018-02-11 14:48 - 2018-02-11 14:48 - 000000000 ____D C:\Games
2018-02-11 14:05 - 2018-02-11 14:06 - 000000000 ____D C:\Users\Terence\Nexus
2018-02-11 13:49 - 2018-02-11 14:06 - 000000000 ____D C:\Users\Terence\AppData\Local\Black_Tree_Gaming
2018-02-11 13:49 - 2018-02-11 13:49 - 000000000 ____D C:\Users\Terence\Documents\Nexus Mod Manager
2018-02-11 13:49 - 2018-02-11 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-02-10 22:56 - 2018-02-11 13:54 - 000000000 ____D C:\Users\Terence\AppData\Local\Skyrim Special Edition
2018-02-08 17:51 - 2018-02-08 17:51 - 004199068 _____ C:\Users\Terence\Downloads\TrailviewProposalTerence4.pdf
2018-02-08 16:10 - 2018-02-08 16:10 - 000277184 _____ C:\Windows\Minidump\020818-13915-01.dmp
2018-02-06 19:39 - 2018-02-06 19:39 - 000277184 _____ C:\Windows\Minidump\020618-13260-01.dmp
2018-02-04 21:15 - 2018-02-04 21:15 - 004198826 _____ C:\Users\Terence\Downloads\TrailviewProposalTerence3.pdf
2018-02-04 19:02 - 2018-02-04 19:02 - 002760535 _____ C:\Users\Terence\Downloads\IMG_0130.jpeg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 15:32 - 2017-12-27 18:33 - 000000008 __RSH C:\Users\Terence\ntuser.pol
2018-03-06 15:32 - 2017-12-21 20:01 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-06 15:32 - 2017-12-21 19:43 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-06 15:32 - 2017-12-18 23:51 - 000000000 ____D C:\Users\Terence
2018-03-06 15:32 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-06 15:31 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-06 15:27 - 2017-12-21 22:35 - 000000000 ____D C:\Users\Terence\Desktop\Eagle Project
2018-03-06 15:27 - 2009-07-13 23:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-06 15:27 - 2009-07-13 23:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-06 15:25 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-06 15:25 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-03-05 22:34 - 2017-12-26 21:24 - 000000000 ____D C:\Users\Terence\.gimp-2.8
2018-03-05 22:10 - 2017-12-26 22:16 - 000000000 ____D C:\Users\Terence\AppData\Local\gtk-2.0
2018-03-04 23:42 - 2017-12-27 18:35 - 000000000 ____D C:\Users\Mom\AppData\Roaming\Adobe
2018-03-04 21:43 - 2017-12-23 03:30 - 000000000 ____D C:\Users\Terence\Desktop\garbage
2018-03-04 21:34 - 2017-12-21 03:02 - 000940426 _____ C:\Windows\ntbtlog.txt
2018-03-04 18:41 - 2009-07-13 21:34 - 000000435 _____ C:\Windows\win.ini
2018-03-03 11:47 - 2018-01-14 18:11 - 000000000 ____D C:\Users\Terence\AppData\Roaming\vlc
2018-02-28 06:50 - 2017-12-21 20:40 - 000000024 _____ C:\Users\Terence\random.dat
2018-02-28 06:48 - 2017-12-21 20:39 - 000000024 _____ C:\Users\Terence\jagexappletviewer.preferences
2018-02-28 06:47 - 2017-12-21 20:40 - 000000046 _____ C:\Users\Terence\jagex_cl_oldschool_LIVE.dat
2018-02-27 22:04 - 2017-12-21 22:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-27 16:08 - 2018-01-11 22:38 - 000000000 ____D C:\Users\Terence\AppData\Roaming\RenPy
2018-02-24 09:20 - 2017-12-21 22:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 20:49 - 2017-12-21 19:23 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-22 20:49 - 2017-12-21 19:23 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-22 12:25 - 2017-12-21 19:37 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-19 23:05 - 2017-12-19 00:29 - 000058872 _____ C:\Users\Terence\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-19 01:27 - 2009-07-13 23:45 - 000269128 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 01:25 - 2017-12-21 19:35 - 000000000 ____D C:\Program Files\AMD
2018-02-19 01:22 - 2017-12-21 19:35 - 000000000 ____D C:\AMD
2018-02-19 00:12 - 2017-12-21 19:54 - 000007603 _____ C:\Users\Terence\AppData\Local\Resmon.ResmonCfg
2018-02-18 23:50 - 2017-12-21 21:42 - 000000000 ____D C:\Users\Terence\AppData\Roaming\discord
2018-02-18 23:45 - 2017-12-25 22:14 - 435530030 _____ C:\Windows\MEMORY.DMP
2018-02-18 23:45 - 2017-12-25 22:14 - 000000000 ____D C:\Windows\Minidump
2018-02-18 14:24 - 2017-12-21 19:51 - 000000000 ____D C:\Users\Terence\AppData\Local\ElevatedDiagnostics
2018-02-14 19:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-02-14 06:38 - 2017-12-23 14:00 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-14 01:19 - 2017-12-22 14:51 - 000000000 ____D C:\Windows\system32\MRT
2018-02-14 01:18 - 2017-12-22 14:51 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-14 01:17 - 2017-12-22 14:51 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-10 19:18 - 2017-12-31 23:11 - 000000000 ____D C:\Users\Terence\Documents\My Games
2018-02-09 20:53 - 2009-07-14 00:08 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2018-03-04 18:36 - 2018-03-04 18:42 - 000000049 _____ () C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
2018-03-05 22:10 - 2018-03-05 22:10 - 000034852 _____ () C:\Users\Terence\AppData\Local\recently-used.xbel
2017-12-21 19:54 - 2018-02-19 00:12 - 000007603 _____ () C:\Users\Terence\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-03-05 00:20 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Users\Terence\AppData\Local\Temp\dllnt_dump.dll
2018-02-18 04:41 - 2018-02-18 04:41 - 067651432 _____ (Malwarebytes                                                ) C:\Users\Terence\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3976.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-27 18:50
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Terence (06-03-2018 15:34:35)
Running from C:\Users\Terence\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-12-19 04:51:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-685522172-1761956412-1681975708-500 - Administrator - Disabled)
Guest (S-1-5-21-685522172-1761956412-1681975708-501 - Limited - Disabled)
Mom (S-1-5-21-685522172-1761956412-1681975708-1003 - Limited - Enabled) => C:\Users\Mom
Terence (S-1-5-21-685522172-1761956412-1681975708-1000 - Administrator - Enabled) => C:\Users\Terence
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (HKLM\...\{A8D361C1-CAE4-C33F-B3F8-FD75468245B3}) (Version: 2018.0131.1828.35 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Discord (HKU\S-1-5-21-685522172-1761956412-1681975708-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
RogueKiller version 12.12.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.6.0 - Adlice Software)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-685522172-1761956412-1681975708-1000_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3138BF59-B340-4CEB-8B5D-5A6E70E3B3C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {379C4932-E42E-4662-B0EA-8BE8F98E20E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {876132D5-3CB7-468E-9117-206BE3169DB2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {9194E470-3F45-46AD-A41D-2DC86EA3BE1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {9F23CFB2-B8ED-4094-9D16-3E4F2424A4DB} - System32\Tasks\apricot => C:\Program Files\PeerBlock\peerblock.exe
Task: {CFB10B96-8D86-41CE-BA02-319069B264CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {DDB17D81-7B26-4269-BC29-2EF8A8399205} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-02-19 00:16 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-02-22 20:49 - 2018-02-21 22:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-22 20:49 - 2018-02-21 22:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2017-12-06 18:26 - 2018-01-31 19:11 - 000357256 _____ () C:\Windows\SysWOW64\GameManager32.dll
2017-12-21 20:02 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-12-21 20:02 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-21 20:02 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-12-21 20:02 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-21 20:02 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-21 20:02 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-21 20:02 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-12-21 20:02 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-08 21:49 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Terence\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 06:47 - 2018-02-09 21:07 - 001780216 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2017-12-21 20:03 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-12-21 20:03 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-12-21 20:02 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-01-08 21:49 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Terence\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-08 21:49 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Terence\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 06:47 - 2018-01-26 06:48 - 009817080 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 06:47 - 2018-02-01 00:27 - 001508344 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 06:47 - 2018-01-09 06:47 - 000513016 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 06:47 - 2018-01-09 06:47 - 002662904 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 06:47 - 2018-02-01 00:27 - 001518072 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 06:47 - 2018-01-09 06:47 - 002749944 _____ () \\?\C:\Users\Terence\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-685522172-1761956412-1681975708-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Terence\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B0CCD1F0-30AB-4B44-88B2-82A59BC7EE6D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E3C1843F-6922-4674-9407-19AF64304057}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC793208-BE0A-42F4-83F1-D44B0408383B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B0EC089-66CA-45DD-BAD2-4DF88C88CC24}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8EA6FB6B-E61F-43FF-A351-9ECE1CA2235B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D6D5F390-16EF-4506-AAD8-92DD7853B9E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1A3E1D02-182C-4710-BBE5-7541532BA54E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe
FirewallRules: [{BC7A289E-ED2E-46AD-AA46-75B8375796FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Finding Paradise\Finding Paradise\Finding Paradise.exe
FirewallRules: [{976C6DD6-B3E1-4279-A6EC-C39EE67F87EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{329EB0EA-8904-4AA8-937E-911365CECCD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{AE41B566-6A18-4C97-A97B-84527B12265A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Night in the Woods\Night in the Woods.exe
FirewallRules: [{789E6E68-D2B9-4C52-912E-9F916F585E37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Night in the Woods\Night in the Woods.exe
FirewallRules: [{10718216-1EFE-414C-9AE6-6874F609E572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ConfessMyLove\Game.exe
FirewallRules: [{1A1AB3D6-FD8F-48A7-A980-FFDDA004432A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ConfessMyLove\Game.exe
FirewallRules: [{CF4ACC8A-478E-4F4E-8647-A7FA15FFEA3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Killing Time\Game.exe
FirewallRules: [{04120355-6A2B-4DE0-A105-95F2F939A102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Killing Time\Game.exe
FirewallRules: [{66977ECA-2ED4-4D51-9818-23E0774D695A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Elf\Game.exe
FirewallRules: [{38F0F2A6-DE1D-4B30-BFCF-17CB133A3EEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Elf\Game.exe
FirewallRules: [{F334BC39-6534-4480-BEB2-2FBCD1AAFE19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Girls and Dungeons\Game.exe
FirewallRules: [{E82AE2FD-1D6A-4A84-865F-DC4E468B1628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Girls and Dungeons\Game.exe
FirewallRules: [{9B108A87-6A6B-4D2A-BA40-6D7177C2F7DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror\game.exe
FirewallRules: [{CA7D54FD-77EF-4576-A9C5-A49E0B755316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror\game.exe
FirewallRules: [{C9B6DE78-1D7A-49E8-B12E-14146758DFAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Heiress\Game.exe
FirewallRules: [{9C3AF474-353E-44C5-9258-DFE6D22F633B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Heiress\Game.exe
FirewallRules: [{47BCB98D-0EED-4938-B38A-BCC7B6232173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Meltys Quest\nw.exe
FirewallRules: [{FCAD2E5D-5A03-416D-BBE0-60253C2AE59F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Meltys Quest\nw.exe
FirewallRules: [{A509BF0C-A9D0-4D84-8758-F33CA10ED49B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{51B78B3F-39F1-4C55-9A2A-F4DC2CF19186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe
FirewallRules: [{1155FF7F-218F-4B31-8821-EBFA4D761C39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{E53CBA61-8BD4-4951-905D-534E0CCF5D25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{6E5D1DB9-ECB5-4CA1-A8D3-118DEDF52937}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{870455FA-F020-409C-B538-3805E04A106F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{6BF8490C-91B2-4013-BE62-602160E6F358}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{2AEBC0B4-E106-4B41-8374-9DC16467DD67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{5B53797F-8273-43E1-89EE-DB54F50E7E81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{F9A2D77F-847E-4F69-82F2-3EF0AF7CC9EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{17988362-EC9B-4D5A-856A-FC867A842950}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B0F45FB2-DCBA-42CE-9509-C96EFA39B936}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{EE68D06C-F337-4C7A-B04A-2B560BE38A8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{5C939B39-EAE9-46D1-96C9-CB623CF8D4F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{8D099482-A181-4E0B-B723-93A32CFEC7EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{4BF87546-4CF4-4FD4-9443-8CFD0DCA7F09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{9F70EFD7-145E-4132-95C8-26158B789D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{2839F406-4B25-4A59-9688-D365A3061E41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{67756D07-54C1-41BE-B1EF-7E191DB3EB83}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{DEF4979E-FE6B-44B4-BC75-46BE37A7E75B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F840E550-ECB8-4762-A92A-695058596470}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FA8A65A-1C41-45F0-951F-D7EF301FBAAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1B67FAA-5D05-429C-88F7-A63C1A569C7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6815FE64-6F8E-42DA-80BE-B68FD6DD13E5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A21A61D0-A4F1-493E-B710-E141B0473665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{4BFB9FBF-6522-44FF-B9D6-6D49A2D5BD3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{67E70F0B-7545-4CA1-894D-BEC953CDBB4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{A659C13B-D4FA-4210-B73C-AE39B601308A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{0C65653A-CC45-48D5-80B7-47E44FC0967B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{1CEDCBA8-8778-40AE-9DA0-BC634FC1AFFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{0362C3DE-A1BD-4BB5-9544-4C40A93A99D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{534AFB44-B245-4FBF-B258-E3717798632D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{2C55EEBC-0B15-4CBA-B76E-F76172C4A093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker VX\RPGVX.exe
FirewallRules: [{A49C56C7-7E6E-4A57-9D85-4520B5DC746F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker VX\RPGVX.exe
FirewallRules: [{4EC9C4FE-8C20-446A-905C-A0F547079B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{1232D746-D0C0-482C-A85D-8A6F8072B3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{462DC4E1-6B0A-467C-84A9-181B905F9D22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{10D9C22E-FA62-494A-B15A-0EDAAB307ACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{194F4B6E-1E79-416A-A68F-E064DAE15CA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{90980ED7-7E2C-41F4-B924-24353CD097CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{DC8229D5-852B-4776-AC6E-140D733E5054}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
22-02-2018 12:24:10 Windows Update
27-02-2018 06:56:31 Windows Update
06-03-2018 15:25:27 Windows Update
06-03-2018 15:31:26 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2018 03:34:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/06/2018 03:31:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {21044428-5304-4894-b279-50c9595c000b}
 
Error: (03/06/2018 03:21:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/06/2018 05:23:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.17060.1019, time stamp: 0x0206ae46
Faulting module name: ntdll.dll, version: 6.1.7601.24024, time stamp: 0x5a58e571
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x19c
Faulting application start time: 0x01d3b534de9434e9
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 77a0c93a-2128-11e8-b4a5-74d43583b9a3
 
Error: (03/06/2018 05:20:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/05/2018 10:34:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program gimp-2.8.exe version 2.8.22.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1708
 
Start Time: 01d3b4f75c14ff1d
 
Termination Time: 4
 
Application Path: C:\Program Files\GIMP 2\bin\gimp-2.8.exe
 
Report Id: 4fc0e904-20ef-11e8-9dc5-74d43583b9a3
 
Error: (03/05/2018 03:17:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/05/2018 11:51:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/06/2018 03:31:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ACP User Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8144.97 MB
Available physical RAM: 5904.25 MB
Total Virtual: 20359.14 MB
Available Virtual: 17280.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:655.14 GB) NTFS
 
\\?\Volume{98ddbfc3-e477-11e7-92d1-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B1E03AA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:11:46 AM

Posted 06 March 2018 - 04:42 PM

Terence:

Thank you for your post, for copying and pasting the contents of the "fixlog.txt" file, and for the fresh set of FRST logs.  All is looking good, so far! :thumbup2:

As I suspected, there are some McAfee remnants left behind, so I will get rid of them, as well as the McAfee Consumer Product Removal tool. Let's nuke them with another FRST "fixlist" script.

.

:step1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
2018-03-06 15:28 - 2018-03-06 15:28 - 010593688 _____ (McAfee, Inc.) C:\Users\Terence\Desktop\MCPR.exe
2018-03-04 23:44 - 2018-03-05 00:07 - 000000000 __RSD C:\Users\Mom\Documents\McAfee Vaults
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\McAfee File Lock
File: C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

OK, so that being done, let's run some standard anti-malware scans, since FRST tends to focus on the really nefarious malware.

.

:step2:ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!
.

:step3: I see that you have Malwarebytes installed on your computer. There is a new version of Malwarebytes available, but at least some people have had issues with it, so please run the version that you have, but make sure that you turn on the items that I have requested.  I haven't downloaded the new version yet, myself, because I don't want to take any chances with my computer.

  • Please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

:step3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

I will be back online tomorrow, so take your time. That's a lot of homework, and the ESET scan could take some time. :busy: Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 confusedangrybewilde

confusedangrybewilde
  • Topic Starter

  • Members
  • 27 posts
  • Local time:10:46 AM

Posted 06 March 2018 - 07:35 PM

Something odd happened while scanning with ESET: the initial download of the database files was interrupted.

It worked the second time. ESET found nothing. I am mildly concerned..but everything LOOKS fine.

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 3/6/18
Scan Time: 7:28 PM
Log File: 6e7e7792-219e-11e8-9b31-74d43583b9a3.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4236
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Genesis\Terence
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 258733
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 0 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 07 00:33:48 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-05.3
# Running on Windows 7 Home Premium (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1202 B] - [2018/3/5 5:4:0]
C:/AdwCleaner/AdwCleaner[S0].txt - [952 B] - [2018/2/27 1:54:18]
C:/AdwCleaner/AdwCleaner[S1].txt - [1018 B] - [2018/3/5 5:3:48]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Terence (06-03-2018 18:13:46) Run:2
Running from C:\Users\Terence\Desktop
Loaded Profiles: Terence (Available Profiles: Terence & Mom)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
2018-03-06 15:28 - 2018-03-06 15:28 - 010593688 _____ (McAfee, Inc.) C:\Users\Terence\Desktop\MCPR.exe
2018-03-04 23:44 - 2018-03-05 00:07 - 000000000 __RSD C:\Users\Mom\Documents\McAfee Vaults
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\McAfee File Lock
File: C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
C:\Users\Terence\Desktop\MCPR.exe => moved successfully
C:\Users\Mom\Documents\McAfee Vaults => moved successfully
C:\Users\Mom\AppData\Local\McAfee File Lock => moved successfully
 
========================= File: C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini ========================
 
C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
File not signed
MD5: 0D52EFF08940D2C158E7F506A521E49C
Creation and modification date: 2018-03-04 18:36 - 2018-03-04 18:42
Size: 000000049
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 18:13:55 ====
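
An added example, not part of the original posts and not FRST's own code: a small Python audit of the Fixlog above that pairs each fixlist directive with the result lines that answer it, so a fix that was skipped or returned an unfamiliar status stands out. The function names, the done/absent/review classes and the parsing rules are assumptions of this example, inferred only from the log text shown in this thread.

```python
import re
from collections import Counter

# Fixlog text copied from the post above (header trimmed, file report abridged).
FIXLOG = r'''fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
2018-03-06 15:28 - 2018-03-06 15:28 - 010593688 _____ (McAfee, Inc.) C:\Users\Terence\Desktop\MCPR.exe
2018-03-04 23:44 - 2018-03-05 00:07 - 000000000 __RSD C:\Users\Mom\Documents\McAfee Vaults
2018-03-04 23:42 - 2018-03-04 23:42 - 000000000 ____D C:\Users\Mom\AppData\Local\McAfee File Lock
File: C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
C:\Users\Terence\Desktop\MCPR.exe => moved successfully
C:\Users\Mom\Documents\McAfee Vaults => moved successfully
C:\Users\Mom\AppData\Local\McAfee File Lock => moved successfully
========================= File: C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini ========================
C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini
File not signed
VirusTotal: 0
====== End of File: ======
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => removed successfully
==== End of Fixlog 18:13:55 ====
'''

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
FILE_HDR_RE = re.compile(r"^=+ File: (.+?) =+$")
STARS_RE = re.compile(r"^\*{5,}$")

def directive_target(line):
    """Registry key, CLSID or path named by a fixlist line; None for keyword-only lines."""
    if line.startswith("HK"):
        return line.split(" => ")[0]
    m = CLSID_RE.search(line) or PATH_RE.search(line)
    return m.group(0) if m else None

def parse_fixlog(text):
    """Split a Fixlog into fixlist directives and (target, status) outcome pairs."""
    directives, outcomes, state = [], [], "header"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        hdr = FILE_HDR_RE.match(line)
        if state in ("header", "fixlist") and STARS_RE.match(line):
            state = "fixlist" if state == "header" else "results"
        elif state == "fixlist":
            directives.append(line)
        elif state == "file":                      # skip the body of a File: report
            if line.startswith("=") and "End of File" in line:
                state = "results"
        elif state == "results" and hdr:
            outcomes.append((hdr.group(1), "file report"))
            state = "file"
        elif state == "results" and " => " in line:
            target, status = line.rsplit(" => ", 1)
            outcomes.append((target.strip('"'), status))
    return directives, outcomes

def classify(status):
    s = status.lower()
    if s.endswith("successfully") or s == "file report":
        return "done"
    return "absent" if s == "not found" else "review"

def audit(text):
    """Map each object-naming directive to a Counter of its outcome classes."""
    directives, outcomes = parse_fixlog(text)
    report = {}
    for d in directives:
        target = directive_target(d)
        if target is None:
            continue                               # e.g. CreateRestorePoint:
        # Inferred from the log above: a "-x32" directive is answered by
        # Wow6432Node keys, its plain twin by the native-view keys.
        by_clsid = CLSID_RE.fullmatch(target) is not None
        x32 = d.split(":", 1)[0].endswith("-x32")
        report[d] = Counter(
            classify(status) for tgt, status in outcomes
            if target.lower() in tgt.lower()
            and (not by_clsid or ("wow6432node" in tgt.lower()) == x32))
    return report

def needs_review(text):
    """Directives with no matching result line, or with an unrecognised status."""
    return [d for d, c in audit(text).items() if not c or c["review"]]

if __name__ == "__main__":
    print(needs_review(FIXLOG) or "every directive is accounted for")
```

Matching is case-insensitive because the log reports the SafeBoot key as `HKLM\System\...` while the fixlist names it `HKLM\SYSTEM\...`.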

 
 


#12 confusedangrybewilde


Posted 06 March 2018 - 08:37 PM

Oh, crap. I accidentally deleted MCViUserDetail.ini manually. Not sure if that did anything.

 

I keep noticing the loading symbol on my cursor. It stresses me out. I have no idea what it's loading and that scares me. What if it's some hidden process sucking all my information?

That scares me.

Although it's unlikely that's the case. Seems to only happen when a lot of things are open, but it scares me nonetheless.


Edited by confusedangrybewilde, 06 March 2018 - 09:23 PM.


#13 garioch7


Posted 07 March 2018 - 01:22 PM

Terence:

 

Thank you for running those scans and posting the results.  I am not seeing any active malware on your computer. :thumbup2:

 

I am not sure what the file C:\Users\Terence\AppData\Roaming\MCVi2UserDetail.ini is.  That is why I queried it in my last FRST "fixlist" script.  As you can see, not a lot of information came back.  Google doesn't seem to know much about that file either.  Generally, a lot of .ini files will be regenerated by the app that created them.  Worst case: you will go to use the app that uses that file, and you will get an error.  Reinstallation of the program should resolve the issue because it will generate a default .ini file.

 

You can view the running processes on your computer by launching the Task Manager.  Press the Ctrl, Shift, + Esc keys simultaneously to launch the Task Manager.

 

I would not be concerned about malware stealing your information from your computer, in its present condition.  One or more of the scans that we have run would have detected any such malware application.

 

Your best bet is to just monitor running processes with the Task Manager.  There is a lot going on in the background with Windows.  Some anti-virus and anti-malware apps consume a lot of resources; and, of course, computer responsiveness does depend on how robust your computer is, and how many apps you have running at any one time.

 

Unless you have other, or new issues, we should remove the tools that I used to clean up your computer.  Please let me know.  If we are good to go, I will post instructions to remove the anti-malware tools that I had you download and use.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#14 confusedangrybewilde

confusedangrybewilde
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 07 March 2018 - 01:31 PM

Whatever it was, it said something about deleting personal data. Might have been left behind by McAfee given the name. It also hasn't returned, probably because McAfee is gone.

Guess I'm ready to remove the tools, then. Thank you for your assistance and time. I really appreciate the efforts you make to help complete strangers; the world could use more people like you.  :)

 

 

then i can get some sleep lmao



#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:11:46 AM

Posted 07 March 2018 - 01:36 PM

Terence:

Thank you for your post.  It has been my pleasure to assist you with your computer issues. :)

.

:step1: We will now remove the tools we used during this fix using Delfix.

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

.

:step2: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems' such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; later versions of Windows Defender provide perfectly acceptable protection for free. If for some reason you don't like Windows Defender, there are other free products available as well:

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

Please copy and paste the contents of the Delfix log into your next reply. If that looks good, then we can conclude your topic.

On behalf of the Bleeping Computer Community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




