
Cannot turn off proxy use


  • This topic is locked
30 replies to this topic

#1 Leadless

Leadless

  • Members
  • 24 posts

Posted 01 April 2018 - 03:24 AM

I have the same issue as this guy: https://www.bleepingcomputer.com/forums/t/531194/cannot-turn-off-proxy-use/
Before this happened, my PC's anti-virus, McAfee, actually did a scan by itself, so I thought that McAfee was the cause of the issue and I went to uninstall it. (Yes, I know I'm dumb.)
Now I can connect to the Wi-Fi but have no Internet access, and I'm afraid to follow the instructions on the thread. Can anyone assist me?
Also, my proxy address is 127.0.0.1:8080. Thank you.

 




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:41 PM

Posted 01 April 2018 - 05:59 AM

Leadless:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

Step 1: Please follow these instructions to run and post FRST scan logs

I would ask that you please copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs, once I receive them. That could take a day or two, but I do hope to respond within 24 hours with an initial FRST "fixlist" script.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 Leadless

Leadless
  • Topic Starter

  • Members
  • 24 posts

Posted 02 April 2018 - 02:53 AM

Hi and thank you. You can just call me Leadless.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by PC (administrator) on DESKTOP-9B2CIK5 (02-04-2018 15:45:08)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\GIGABYTE\RGBFusion\SelLedV2.exe
(TODO: <Company name>) C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedServices.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Optane Memory\OptaneMemoryUIIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [OptaneMemoryUI] => C:\Program Files\Intel\Intel® Optane Memory\OptaneMemoryUIIcon.exe [410696 2017-08-25] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230816 2017-10-24] (Realtek Semiconductor)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Highresolution Enterprises)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] ()
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [115120 2017-05-25] ()
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\Run: [Discord] => C:\Users\PC\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-27] (Valve Corporation)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4b3e35d6-fee5-4bb5-9a91-093154f257ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d9d00d74-c2c1-4d04-abb7-ba42f69780fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e94d2238-a862-4a47-899e-bb66121ddfa9}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-4241098779-1380022037-623437125-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-4241098779-1380022037-623437125-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-21] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-21] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-21] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2018-04-01]
CHR Extension: (Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-06]
CHR Extension: (Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-06]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-06]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-06]
CHR Extension: (Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-06]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2018-03-16] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-12] (EasyAntiCheat Ltd)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [147400 2017-08-21] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (Microsoft)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2414264 2017-08-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-07-12] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
R2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [123848 2017-08-21] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [544744 2017-10-24] (Intel Corporation)
R3 GLCKIO; C:\ProgramData\ASUS\GLKIO\690b33e1-0462-4e84-9bea-c7552b45432a.sys [18712 2018-04-01] ()
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [70664 2017-08-25] (Intel Corporation)
R1 MpKsl7eb2ee68; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D935715D-9F8A-499D-8343-AC16B7996A62}\MpKsl7eb2ee68.sys [58120 2018-04-02] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d37ca5c2cde53609\nvlddmkm.sys [17028552 2017-12-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58680 2018-01-10] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6831056 2017-06-20] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-02 15:45 - 2018-04-02 15:45 - 000013864 _____ C:\Users\PC\Desktop\FRST.txt
2018-04-02 15:45 - 2018-04-02 15:45 - 000000000 ____D C:\FRST
2018-04-02 15:43 - 2018-04-02 15:40 - 002403328 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2018-04-01 15:20 - 2018-04-01 15:20 - 000000000 ____D C:\Windows\pss
2018-03-30 17:38 - 2018-03-30 17:38 - 000000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2018-03-30 13:45 - 2018-03-30 13:45 - 000000444 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-30 12:27 - 2018-03-30 12:27 - 000000000 ___HD C:\Users\PC\MicrosoftEdgeBackups
2018-03-30 12:22 - 2018-03-30 17:38 - 000837630 _____ C:\Windows\ntbtlog.txt
2018-03-30 11:29 - 2018-03-30 11:29 - 000000000 ____D C:\Users\PC\AppData\Local\MicrosoftEdge
2018-03-23 21:18 - 2018-03-23 21:18 - 000000000 ____D C:\Users\PC\AppData\Roaming\AndroidTbox
2018-03-23 20:23 - 2018-03-30 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2018-03-23 20:23 - 2018-03-23 21:18 - 000000000 ____D C:\ProgramData\Tencent
2018-03-23 20:19 - 2018-03-30 13:40 - 000000000 ____D C:\Users\PC\AppData\Roaming\Tencent
2018-03-23 20:19 - 2018-03-23 20:19 - 000000000 ____D C:\Temp
2018-03-16 17:15 - 2018-03-16 17:15 - 000000000 ____D C:\Users\PC\Downloads\mods
2018-03-16 17:14 - 2018-03-16 17:15 - 016803489 _____ C:\Users\PC\Downloads\mods.zip
2018-03-16 15:15 - 2018-03-16 15:15 - 000000000 ____D C:\Users\PC\Documents\BlackSquad
2018-03-16 15:14 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2018-03-16 12:03 - 2018-03-16 12:03 - 000000222 _____ C:\Users\PC\Desktop\Black Squad.url
2018-03-16 11:58 - 2018-03-16 11:59 - 000000000 ____D C:\Users\PC\AppData\Local\Steam
2018-03-16 11:47 - 2018-04-02 15:15 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-16 11:47 - 2018-03-16 11:47 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2018-03-16 11:47 - 2018-03-16 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-16 11:03 - 2018-03-16 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2018-03-13 15:31 - 2018-03-13 15:31 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-09 18:36 - 2018-03-09 18:36 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-03-09 17:42 - 2018-03-09 17:42 - 000000000 ____D C:\Users\PC\AppData\Roaming\Macromedia
2018-03-09 17:38 - 2017-10-09 23:34 - 000097168 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\SET7500.tmp
2018-03-09 17:37 - 2018-03-30 12:08 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2018-03-09 17:06 - 2018-03-30 12:24 - 000000000 ____D C:\ProgramData\McAfee
2018-03-09 17:06 - 2018-03-09 17:42 - 000000049 _____ C:\Users\PC\AppData\Roaming\MCVi2UserDetail.ini
2018-03-05 23:14 - 2018-03-05 23:14 - 000000000 ____D C:\Users\PC\Documents\Electronic Arts
2018-03-05 23:05 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2018-03-05 23:05 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2018-03-05 23:05 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2018-03-05 23:05 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2018-03-05 23:05 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2018-03-05 23:05 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2018-03-05 23:05 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2018-03-05 23:05 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2018-03-05 23:05 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2018-03-05 23:05 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2018-03-05 23:05 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2018-03-05 23:05 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2018-03-05 23:05 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2018-03-05 23:05 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2018-03-05 23:05 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2018-03-05 23:05 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2018-03-05 23:05 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2018-03-05 23:05 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2018-03-05 23:05 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2018-03-05 23:05 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2018-03-05 23:05 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2018-03-05 23:05 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2018-03-05 23:05 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2018-03-05 23:05 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2018-03-05 23:05 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2018-03-05 23:05 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2018-03-05 23:05 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2018-03-05 23:05 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2018-03-05 23:05 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2018-03-05 23:05 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2018-03-05 23:05 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2018-03-05 23:05 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2018-03-05 23:05 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2018-03-05 23:05 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2018-03-05 23:05 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2018-03-05 23:05 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2018-03-05 23:05 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2018-03-05 23:05 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2018-03-05 23:05 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2018-03-05 23:05 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2018-03-05 23:05 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2018-03-05 23:05 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2018-03-05 23:05 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-03-05 23:05 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2018-03-05 23:05 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2018-03-05 23:05 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2018-03-05 23:05 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2018-03-05 23:05 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2018-03-05 23:05 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2018-03-05 23:05 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2018-03-05 23:05 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2018-03-05 23:05 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2018-03-05 23:05 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2018-03-05 23:05 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2018-03-05 23:05 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2018-03-05 23:05 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2018-03-05 23:05 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2018-03-05 23:05 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2018-03-05 23:05 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2018-03-05 23:05 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2018-03-05 23:05 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2018-03-05 23:05 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2018-03-05 23:05 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2018-03-05 23:05 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2018-03-05 23:05 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2018-03-05 23:05 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2018-03-05 23:05 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2018-03-05 23:05 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2018-03-05 23:05 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2018-03-05 23:05 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2018-03-05 23:05 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2018-03-05 23:05 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2018-03-05 23:05 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2018-03-05 22:58 - 2018-03-05 23:05 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-03-05 22:58 - 2018-03-05 23:05 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-03-05 22:46 - 2018-03-05 22:46 - 000001571 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2018-03-05 22:46 - 2018-03-05 22:46 - 000000000 ____D C:\Games
2018-03-04 23:17 - 2018-03-05 09:12 - 029994630 _____ C:\Users\PC\Downloads\TheSims4CatsdogsALLDLCs.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-02 15:28 - 2018-02-21 16:02 - 000000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
2018-04-02 15:15 - 2018-02-06 15:03 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-01 16:22 - 2018-02-06 14:38 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-04-01 15:27 - 2018-02-06 14:46 - 001445192 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-01 15:23 - 2018-02-06 14:53 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-04-01 15:23 - 2018-02-06 14:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-01 15:22 - 2017-09-29 16:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-04-01 15:20 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\NDF
2018-03-30 18:05 - 2018-02-21 20:20 - 000000000 ____D C:\Users\PC\AppData\Roaming\CC
2018-03-30 17:37 - 2018-03-02 11:22 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-30 12:27 - 2018-02-06 14:43 - 000000000 ____D C:\Users\PC
2018-03-30 12:08 - 2017-09-29 21:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-03-30 12:08 - 2017-09-29 16:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-03-30 12:06 - 2018-03-01 22:21 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2018-03-29 17:01 - 2018-02-21 16:07 - 000007597 _____ C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2018-03-27 18:32 - 2018-02-21 20:43 - 000000000 ____D C:\Users\PC\AppData\Roaming\obs-studio
2018-03-24 19:33 - 2018-02-24 15:36 - 000000000 ____D C:\Users\PC\Downloads\Wallpaper
2018-03-23 16:18 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-03-22 22:32 - 2018-02-21 20:14 - 000000000 ____D C:\ros
2018-03-22 15:54 - 2018-02-26 17:16 - 000000000 ____D C:\Users\PC\Documents\Sony Vegas Pro
2018-03-21 21:53 - 2018-02-06 14:53 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 21:53 - 2018-02-06 14:53 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-16 19:30 - 2018-02-24 14:58 - 000000000 ____D C:\Program Files\KMSpico
2018-03-16 19:11 - 2018-02-21 17:19 - 000000000 ____D C:\Users\PC\AppData\Roaming\discord
2018-03-16 12:02 - 2018-02-21 15:52 - 000000000 ___RD C:\Users\PC\Desktop\Applications
2018-03-16 11:03 - 2018-02-06 14:54 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-09 18:36 - 2017-09-29 21:44 - 000000000 ____D C:\Windows\INF
2018-03-09 17:38 - 2017-09-29 21:46 - 000000124 _____ C:\Windows\win.ini
2018-03-05 23:11 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
 
==================== Files in the root of some directories =======
 
2018-03-09 17:06 - 2018-03-09 17:42 - 000000049 _____ () C:\Users\PC\AppData\Roaming\MCVi2UserDetail.ini
2018-02-21 16:07 - 2018-03-29 17:01 - 000007597 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-03-30 13:39 - 2018-03-22 11:01 - 000816320 _____ () C:\Users\PC\AppData\Local\Temp\DE5.tmp.exe
2018-03-02 15:01 - 2018-03-02 15:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-2337437311813222808.dll
2018-03-19 10:16 - 2018-03-19 10:16 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-253262936612238186.dll
2018-03-19 10:16 - 2018-03-19 10:16 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3014651207095036988.dll
2018-03-04 22:08 - 2018-03-04 22:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3420780696207070338.dll
2018-03-22 11:36 - 2018-03-22 11:36 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3512775995957996856.dll
2018-03-09 17:01 - 2018-03-09 17:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3779849975140555876.dll
2018-03-09 19:00 - 2018-03-09 19:00 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-4748579227712131277.dll
2018-03-21 23:08 - 2018-03-21 23:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-4953089117850156030.dll
2018-03-09 14:08 - 2018-03-09 14:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-5587726996942347394.dll
2018-03-22 13:04 - 2018-03-22 13:04 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-5638829538111321363.dll
2018-03-02 11:26 - 2018-03-02 11:26 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7302960067132054032.dll
2018-03-26 17:02 - 2018-03-26 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7316867298567461437.dll
2018-03-11 18:32 - 2018-03-11 18:32 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7643691600872333642.dll
2018-03-21 12:48 - 2018-03-21 12:48 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7843437343755369015.dll
2018-03-01 16:58 - 2018-03-01 16:58 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-79938007732086404.dll
2018-03-01 16:57 - 2018-03-01 16:57 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8153215151536226844.dll
2018-03-07 15:29 - 2018-03-07 15:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8319073465886591497.dll
2018-03-21 11:15 - 2018-03-21 11:15 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8674080461933967724.dll
2018-03-06 21:41 - 2018-03-06 21:41 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-9140206845653613844.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-21 18:31
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC (02-04-2018 15:45:32)
Running from C:\Users\PC\Desktop
Windows 10 Pro Version 1709 16299.248 (X64) (2018-02-06 06:42:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4241098779-1380022037-623437125-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4241098779-1380022037-623437125-503 - Limited - Disabled)
Guest (S-1-5-21-4241098779-1380022037-623437125-501 - Limited - Disabled)
PC (S-1-5-21-4241098779-1380022037-623437125-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-4241098779-1380022037-623437125-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.18.0129.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.18.0129.1 - GIGABYTE)
Discord (HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0821.1 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0821.1 - GIGABYTE)
Epic Games Launcher (HKLM-x32\...\{8FEB5B5F-0777-4E9D-8705-06F0A2295544}) (Version: 1.1.143.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1037 - Intel Corporation)
Intel® Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel)
Intel® Optane™ Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.8.1.1007 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8210 - Realtek Semiconductor Corp.)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 2.17.0821.1 - GIGABYTE)
Rules of Survival version 1.134042.136949 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.134042.136949 - Hong Kong Netease Interactive Entertainment Limited)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 1.0.0 - TP-Link)
VEGAS Pro 15.0 (HKLM\...\{E0F91FB0-7FC4-11E7-B8E9-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {189FB16A-2C68-40D1-8611-606B481C8B3B} - System32\Tasks\S-1-5-21-4241098779-1380022037-623437125-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {40D17B5B-A31B-4B85-8907-AB3534598A96} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe
Task: {520ED47D-5328-4022-8397-2F648FC091E4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {AF0CFA3B-705D-4EF3-8A67-6B4F7D9A2639} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)
Task: {FC6EE6D7-D812-4DA9-8FE4-535ADE9D916D} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-25 09:45 - 2015-06-25 09:45 - 000017920 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
2018-02-06 15:03 - 2018-01-10 22:33 - 001268024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-02-06 15:03 - 2017-12-16 06:34 - 000133704 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-02-21 17:08 - 2018-02-10 12:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-21 17:08 - 2018-02-10 12:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-21 18:50 - 2017-08-21 18:50 - 002397616 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\SelLedV2.exe
2015-02-17 01:47 - 2015-02-17 01:47 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\ycc.dll
2017-07-12 18:07 - 2017-07-12 18:07 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-08 17:18 - 2016-12-08 17:18 - 001804800 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\ycc.dll
2017-06-22 11:46 - 2017-06-22 11:46 - 000284120 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\GskillSdk.dll
2017-05-23 16:23 - 2017-05-23 16:23 - 000044544 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2018-03-16 11:53 - 2018-01-11 10:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-03-16 11:53 - 2018-03-27 06:33 - 002631968 _____ () C:\Program Files (x86)\Steam\video.dll
2018-03-16 11:53 - 2016-09-01 09:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-03-16 11:53 - 2016-09-01 09:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-03-16 11:53 - 2016-09-01 09:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-03-16 11:53 - 2018-03-27 06:33 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-03-16 11:53 - 2016-07-05 06:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-03-16 11:58 - 2017-09-07 10:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-03-16 11:58 - 2017-12-14 05:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-03-16 11:53 - 2015-09-25 07:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 21:46 - 2018-04-01 15:28 - 000004929 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4F5E3055-79DE-44C5-AC7A-AA14FE6104DA}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{88B445D2-7BB3-4DE2-B90D-D9424B1A76CE}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{5F8EFEF9-5BDD-4B25-A571-D15A8949A5F4}] => (Allow) LPort=9009
FirewallRules: [{7A55DFA7-AB4C-4D3C-8FEE-71B3FF1CCFB4}] => (Allow) LPort=9009
FirewallRules: [{FB2956E0-D748-413F-8368-FC0097A9BFEA}] => (Allow) LPort=9009
FirewallRules: [{4EE59F71-40F1-43EC-B4D0-5C7363BC3F36}] => (Allow) LPort=9009
FirewallRules: [{49B3BF66-5AE0-4F02-8F0C-61AB8EE98D17}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{32C6E318-7C69-43A3-9664-4E0F725ED01A}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{FDF8B53A-9077-40D7-937D-B3F782AE5A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{07BA945F-4FEC-4207-AE04-74F6F4F89DE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E0CBDA88-A7D4-44B3-9D39-1D66D7ED060A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5442AB78-42F1-42EA-9628-9EA389B5CA26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3363A31C-ACA4-4B49-974F-63C34D6B7DDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{58B91AD2-24AD-4C47-8AB1-73426A78CB6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1D3C5488-F96A-41BA-8C21-2A854A70CE0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E4E9BC6C-6F2F-4878-B892-143EAC73CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{300D7DC2-65BC-4D5B-9E83-9D64D6EF9CE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{E9AA15FE-18D9-462D-992C-E104C4770C9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{55431E0E-558C-457B-BF43-A3F51D3E994A}] => (Allow) LPort=9009
FirewallRules: [{65AD516A-61C2-45A4-AA83-B752D9E7CF73}] => (Allow) LPort=9009
FirewallRules: [{DBB3987E-05DA-4818-93BD-5D098EA46099}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{620ADADB-5CFA-4F93-A763-82CE19C4872E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F62ACCA1-2BC6-4EF9-9160-B12E5ECFA0B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EE9FA6C1-83E0-4DBC-8DE3-DBC8DFEC45E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{14602C45-CE06-4FFA-9AED-EF78F0072295}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{217D0FE4-E6FA-440A-8153-D6C8F3C3AAB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EFCDEBDB-CCE5-4AE8-900E-BFB369D06F0B}] => (Allow) LPort=9009
FirewallRules: [{DC980091-AF85-4596-B36E-BACBA4ECC03D}] => (Allow) LPort=9009
FirewallRules: [{EADDD57F-929A-4E28-9FAD-4056177CB295}] => (Allow) LPort=9009
FirewallRules: [{FADC04EC-0FAA-43C1-876B-C4690DFAB40A}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{B20C43F3-97E7-4381-9A1A-2BCA0A773AF1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{52C1E970-7B90-4A93-9744-C970F0C3048A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2AC9CF72-79F3-448E-92EA-35C3D1A1D8CC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{549A4976-EE47-41DB-A4C9-7616B217D5C4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{07460535-346C-427A-BFB2-B8AC05649F2E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{36FA67DC-F1B5-4DDA-BDE3-79660DDB3F73}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{F2B7B77D-5F99-43D6-8D92-85B96606C8F7}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{F1E18BC6-36E9-4291-BA06-7AA6EECD719C}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{68C315DC-9523-4F45-8102-71C076ACC8C3}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{4B7178E9-EE5A-4984-8F00-BA7FAEADA2FA}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{3D68830F-2296-418F-8E37-5F8F053D8AC3}] => (Allow) LPort=9009
FirewallRules: [{2FD1D7C8-B970-4653-B773-60B359503FE5}] => (Allow) LPort=9009
FirewallRules: [{2DFA2D6D-9CBA-4AF6-AF1B-219A522AAB7C}] => (Allow) LPort=9009
FirewallRules: [{CAD3188A-3F90-49DD-A972-41DB0D66A9F8}] => (Allow) LPort=9009
FirewallRules: [{69132F42-C80E-4272-A516-234E203E6CEF}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{6442CB99-A47D-4ED8-ADC4-BD324FDB93ED}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{FE37D619-7DB7-4991-8309-7B37F01EF4EB}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{9D045A7E-A1ED-4D7E-997E-38209FBA24BA}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{CED230D5-5B70-444A-A25C-F3A9F40AAE87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EEBC27D1-87FB-42EB-A472-69F1164262D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{39AD1638-8C46-42ED-AC12-1396325E1E5D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{932AD338-15C2-4A75-BE56-D541D15853B1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0CD252C5-D566-44D9-8FA6-43A0E212496C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{A32970AA-CC4C-4256-A5F9-422E13ADD800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{73CFE9C6-495A-417A-ACCD-251913953A20}] => (Allow) LPort=9009
FirewallRules: [{17F6EB7C-ED11-4B90-81BE-512EB8760139}] => (Allow) LPort=9009
FirewallRules: [{5E013B9A-4CF8-4C79-A14E-D0F5C88E127D}] => (Allow) LPort=9009
FirewallRules: [{B365A6F7-92B2-4A63-8778-977444D98EF1}] => (Allow) LPort=9009
FirewallRules: [{BD2D7C3B-83B8-4CD1-AE89-74DE0C588920}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1547ABD9-3A3F-4C85-A176-FDB8958ABF68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{AD2A7DEF-732C-4E90-8CC9-3188BA955B39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{48BFD304-EB92-4E11-B773-EFC0322B52AB}] => (Allow) LPort=9009
FirewallRules: [{BC8BF5D8-F618-4098-AFB3-3C342D64CAAE}] => (Allow) LPort=9009
FirewallRules: [{D36A8180-F256-4A1D-BCCC-0F61A0675345}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{95D7F480-6A33-4F51-8186-A1351FADF986}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{C4334719-89CD-4445-B6FA-A1144000D3A8}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{9F1DDE7F-5E77-4037-BF93-9CBD649DFBBC}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{034ADF95-3EA5-428A-8AA4-E922BDC3F86D}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{D953ED50-4D21-4556-8BC0-3BA3E498B478}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{712EF00A-3E81-468C-9901-4E9BBFA78D2C}] => (Allow) LPort=9009
FirewallRules: [{2CC5D297-2B76-45F9-8B75-567F0EFD00F8}] => (Allow) LPort=9009
FirewallRules: [{81136EAF-0C7C-4A28-AEB8-086C5BC86A2E}] => (Allow) LPort=9009
FirewallRules: [{364AEE1B-D407-46F6-900D-FC981AC649C0}] => (Allow) LPort=9009
FirewallRules: [{C1D836BA-B078-440F-B370-57A63D09FE70}] => (Allow) LPort=9009
FirewallRules: [{3F339B4F-06AE-4EAC-8D4D-A25EF122C995}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3F26B54F-A5C7-4950-8A1C-F272E8F266AF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D45A1A47-BD41-4C68-853F-B33D4ABAD27E}] => (Allow) LPort=9009
FirewallRules: [{F17F8159-9DCA-47AA-8BAD-30F1F724C702}] => (Allow) LPort=9009
FirewallRules: [{77DC489B-F4A4-4769-877D-47271D56158E}] => (Allow) LPort=9009
 
==================== Restore Points =========================
 
06-02-2018 14:47:37 IIF_MSI
21-02-2018 15:31:44 Removed APP Center
05-03-2018 23:05:02 Installed DirectX
16-03-2018 11:03:18 Removed APP Center
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/02/2018 03:45:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:13Z. Error Code: 0x80070002.
 
Error: (04/02/2018 03:44:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:43Z. Error Code: 0x80070002.
 
Error: (04/02/2018 03:44:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:13Z. Error Code: 0x80070002.
 
Error: (04/02/2018 03:43:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:43Z. Error Code: 0x80070002.
 
Error: (04/02/2018 03:43:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:13Z. Error Code: 0x80070002.
 
Error: (04/02/2018 03:42:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:43Z. Error Code: 0x80070002.
 
Error: (04/02/2018 03:41:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:43Z. Error Code: 0x80070002.
 
Error: (04/02/2018 03:41:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:13Z. Error Code: 0x80070002.
 
 
System errors:
=============
Error: (04/02/2018 03:42:35 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: D:\Device\HarddiskVolume62
 
Error: (04/02/2018 03:41:53 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: D:\Device\HarddiskVolume52
 
Error: (04/01/2018 03:48:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2018 03:16:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2018 02:59:09 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.102 with the system
having network hardware address 4C-7C-5F-14-6E-9A. Network operations on this system may
be disrupted as a result.
 
Error: (03/30/2018 11:17:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/30/2018 10:58:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/30/2018 10:34:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-04-01 15:16:11.339
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C42E87DD-DA42-4CA6-8A90-E5D7C58B30F7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-30 13:31:45.378
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd;file:_C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 13:31:45.367
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS!rfn
ID: 2147692752
Severity: Medium
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 12:38:03.327
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 12:25:02.250
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 17:37:41.068
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-03-30 17:33:06.093
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-03-30 12:22:13.039
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-03-02 11:21:55.223
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-02-24 14:56:29.471
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8140.75 MB
Available physical RAM: 6058 MB
Total Virtual: 9420.75 MB
Available Virtual: 7180.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.91 GB) (Free:787.37 GB) NTFS
 
\\?\Volume{4522ce36-b9a7-44f0-96b3-2aee965c7f26}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{53e2f30e-2955-4da6-8677-0cbc9cde746c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 garioch7


Posted 02 April 2018 - 12:14 PM

Leadless:

Step 1: Unfortunately, in going over your logs, I see evidence of a software utility, or utilities, used to evade software licensing requirements for one or more programs. You might not be aware of this/these program(s), so I am NOT accusing you of knowingly installing this/these program(s) on your computer.

Bleeping Computer does not condone software piracy. Downloading and using such software, apart from being illegal by infringing on copyrights, is a MAJOR attack vector for malware. If you use such software, it is not a question of "IF" your computer will be infected, but only "WHEN", and by HOW MANY different variants of malware!

I am going to ask you to remove any and all software that you do not own, and to uninstall the software that is evading licensing requirements. If you are not aware of this software utility, or these utilities, then you will have to accept that, as a part of my "fix" for your computer, the disinfection scripts and utilities will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licensing requirements detected in the scan logs. Some of the anti-malware tools that I use will automatically quarantine software "cracks", without notice, so if you are not willing to take the chance of one or more "cracked" programs being disabled, please let me know right away.

If it is agreeable to you to uninstall the "cracked" software, then after you have uninstalled any illicit software, please run the following scan for me.

If it is not agreeable to you, then please let me know and I will conclude your topic.

.

Step 2: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool only once unless asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

.

Step 3: Please run a fresh FRST scan. Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" scan logs into your next reply, or replies. Sometimes, when the FRST logs are large, you have to post each log individually.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 Leadless


Posted 03 April 2018 - 01:59 AM

Wait what.. it was probably by my brother then. This pc is his, he uses it most of the time, I just borrowed it from him for my project in school. 
I will try to uninstall it/them.



#6 Leadless


Posted 03 April 2018 - 02:23 AM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\dm.bin
c:\program files\kmspico\tokensbackup\keys.txt
c:\program files\kmspico\tokensbackup\windows\data.dat
c:\program files\kmspico\tokensbackup\windows\pkeyconfig.xrm-ms
c:\program files\kmspico\tokensbackup\windows\tokens.dat
c:\program files\kmspico\tokensbackup\windows\cache\cache.dat
c:\ros\documents\res\sound\item_firecracker.fsb
c:\windows\prefetch\kmspico_setup.tmp-0a6b3484.pf
scanner sequence 3.DD.11.WGAPBZ
 ----- EOF ----- 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by PC (administrator) on DESKTOP-9B2CIK5 (03-04-2018 15:18:14)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\GIGABYTE\RGBFusion\SelLedV2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(TODO: <Company name>) C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedServices.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Optane Memory\OptaneMemoryUIIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [OptaneMemoryUI] => C:\Program Files\Intel\Intel® Optane Memory\OptaneMemoryUIIcon.exe [410696 2017-08-25] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230816 2017-10-24] (Realtek Semiconductor)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Highresolution Enterprises)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] ()
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [115120 2017-05-25] ()
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\Run: [Discord] => C:\Users\PC\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-27] (Valve Corporation)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4b3e35d6-fee5-4bb5-9a91-093154f257ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d9d00d74-c2c1-4d04-abb7-ba42f69780fd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e94d2238-a862-4a47-899e-bb66121ddfa9}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-4241098779-1380022037-623437125-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-4241098779-1380022037-623437125-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-21] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-21] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-21] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2018-04-03]
CHR Extension: (Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-06]
CHR Extension: (Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-06]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-06]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-06]
CHR Extension: (Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-06]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2018-03-16] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-12] (EasyAntiCheat Ltd)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [147400 2017-08-21] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (Microsoft)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2414264 2017-08-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-07-12] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
R2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [123848 2017-08-21] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [544744 2017-10-24] (Intel Corporation)
R3 gdrv; C:\Windows\gdrv.sys [26792 2018-04-03] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 GLCKIO; C:\ProgramData\ASUS\GLKIO\690b33e1-0462-4e84-9bea-c7552b45432a.sys [18712 2018-04-03] ()
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [70664 2017-08-25] (Intel Corporation)
R1 MpKsl352fa416; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D935715D-9F8A-499D-8343-AC16B7996A62}\MpKsl352fa416.sys [58120 2018-04-03] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d37ca5c2cde53609\nvlddmkm.sys [17028552 2017-12-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58680 2018-01-10] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6831056 2017-06-20] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-03 15:16 - 2018-04-03 15:16 - 000000550 _____ C:\Users\PC\Desktop\ckfiles.txt
2018-04-03 15:15 - 2018-04-03 15:14 - 000468480 _____ () C:\Users\PC\Desktop\CKScanner.exe
2018-04-03 15:00 - 2018-04-03 15:00 - 000000000 ____D C:\Users\PC\Documents\Wallpaper
2018-04-02 15:45 - 2018-04-03 15:18 - 000014147 _____ C:\Users\PC\Desktop\FRST.txt
2018-04-02 15:45 - 2018-04-03 15:18 - 000000000 ____D C:\FRST
2018-04-02 15:43 - 2018-04-02 15:40 - 002403328 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2018-04-01 15:20 - 2018-04-01 15:20 - 000000000 ____D C:\Windows\pss
2018-03-30 17:38 - 2018-03-30 17:38 - 000000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2018-03-30 13:45 - 2018-03-30 13:45 - 000000444 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-03-30 12:27 - 2018-03-30 12:27 - 000000000 ___HD C:\Users\PC\MicrosoftEdgeBackups
2018-03-30 12:22 - 2018-03-30 17:38 - 000837630 _____ C:\Windows\ntbtlog.txt
2018-03-30 11:29 - 2018-03-30 11:29 - 000000000 ____D C:\Users\PC\AppData\Local\MicrosoftEdge
2018-03-23 21:18 - 2018-03-23 21:18 - 000000000 ____D C:\Users\PC\AppData\Roaming\AndroidTbox
2018-03-23 20:23 - 2018-03-30 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2018-03-23 20:23 - 2018-03-23 21:18 - 000000000 ____D C:\ProgramData\Tencent
2018-03-23 20:19 - 2018-03-30 13:40 - 000000000 ____D C:\Users\PC\AppData\Roaming\Tencent
2018-03-23 20:19 - 2018-03-23 20:19 - 000000000 ____D C:\Temp
2018-03-16 17:15 - 2018-03-16 17:15 - 000000000 ____D C:\Users\PC\Downloads\mods
2018-03-16 17:14 - 2018-03-16 17:15 - 016803489 _____ C:\Users\PC\Downloads\mods.zip
2018-03-16 15:15 - 2018-03-16 15:15 - 000000000 ____D C:\Users\PC\Documents\BlackSquad
2018-03-16 15:14 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2018-03-16 15:14 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2018-03-16 12:03 - 2018-03-16 12:03 - 000000222 _____ C:\Users\PC\Desktop\Black Squad.url
2018-03-16 11:58 - 2018-03-16 11:59 - 000000000 ____D C:\Users\PC\AppData\Local\Steam
2018-03-16 11:47 - 2018-04-03 15:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-16 11:47 - 2018-03-16 11:47 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2018-03-16 11:47 - 2018-03-16 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-16 11:03 - 2018-03-16 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2018-03-13 15:31 - 2018-03-13 15:31 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-09 18:36 - 2018-03-09 18:36 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-03-09 17:42 - 2018-03-09 17:42 - 000000000 ____D C:\Users\PC\AppData\Roaming\Macromedia
2018-03-09 17:38 - 2017-10-09 23:34 - 000097168 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\SET7500.tmp
2018-03-09 17:37 - 2018-03-30 12:08 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2018-03-09 17:06 - 2018-03-30 12:24 - 000000000 ____D C:\ProgramData\McAfee
2018-03-09 17:06 - 2018-03-09 17:42 - 000000049 _____ C:\Users\PC\AppData\Roaming\MCVi2UserDetail.ini
2018-03-05 23:14 - 2018-03-05 23:14 - 000000000 ____D C:\Users\PC\Documents\Electronic Arts
2018-03-05 23:05 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2018-03-05 23:05 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2018-03-05 23:05 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2018-03-05 23:05 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2018-03-05 23:05 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2018-03-05 23:05 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2018-03-05 23:05 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2018-03-05 23:05 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2018-03-05 23:05 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2018-03-05 23:05 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2018-03-05 23:05 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2018-03-05 23:05 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-03-05 23:05 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2018-03-05 23:05 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2018-03-05 23:05 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2018-03-05 23:05 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2018-03-05 23:05 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2018-03-05 23:05 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2018-03-05 23:05 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2018-03-05 23:05 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2018-03-05 23:05 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2018-03-05 23:05 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2018-03-05 23:05 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2018-03-05 23:05 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2018-03-05 23:05 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2018-03-05 23:05 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2018-03-05 23:05 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2018-03-05 23:05 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2018-03-05 23:05 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2018-03-05 23:05 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2018-03-05 23:05 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2018-03-05 23:05 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2018-03-05 23:05 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2018-03-05 23:05 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2018-03-05 23:05 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2018-03-05 23:05 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2018-03-05 23:05 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2018-03-05 23:05 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2018-03-05 23:05 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2018-03-05 23:05 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2018-03-05 23:05 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2018-03-05 23:05 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2018-03-05 23:05 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2018-03-05 23:05 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2018-03-05 23:05 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2018-03-05 23:05 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2018-03-05 23:05 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2018-03-05 23:05 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2018-03-05 23:05 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2018-03-05 23:05 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2018-03-05 23:05 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2018-03-05 23:05 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2018-03-05 23:05 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2018-03-05 23:05 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2018-03-05 23:05 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2018-03-05 23:05 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2018-03-05 23:05 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2018-03-05 23:05 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-03-05 23:05 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2018-03-05 23:05 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2018-03-05 23:05 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2018-03-05 23:05 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2018-03-05 23:05 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2018-03-05 23:05 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2018-03-05 23:05 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2018-03-05 23:05 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2018-03-05 23:05 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2018-03-05 23:05 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2018-03-05 23:05 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2018-03-05 23:05 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2018-03-05 23:05 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2018-03-05 23:05 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2018-03-05 23:05 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2018-03-05 23:05 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2018-03-05 23:05 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2018-03-05 23:05 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2018-03-05 23:05 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2018-03-05 23:05 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2018-03-05 23:05 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2018-03-05 23:05 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2018-03-05 23:05 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2018-03-05 23:05 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2018-03-05 23:05 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2018-03-05 23:05 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2018-03-05 23:05 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2018-03-05 23:05 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2018-03-05 23:05 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2018-03-05 23:05 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2018-03-05 22:58 - 2018-03-05 23:05 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-03-05 22:58 - 2018-03-05 23:05 - 000000000 ____D C:\Windows\SysWOW64\directx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-03 15:12 - 2018-02-06 14:46 - 001463242 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-03 15:07 - 2018-02-06 15:03 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-03 15:07 - 2018-02-06 14:53 - 000026792 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv.sys
2018-04-03 15:07 - 2018-02-06 14:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-03 15:07 - 2017-09-29 16:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-04-03 15:04 - 2018-02-24 14:58 - 000000000 ____D C:\Program Files\KMSpico
2018-04-03 14:59 - 2018-02-06 14:38 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-04-02 17:51 - 2018-02-21 16:02 - 000000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
2018-04-01 15:20 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\NDF
2018-03-30 18:05 - 2018-02-21 20:20 - 000000000 ____D C:\Users\PC\AppData\Roaming\CC
2018-03-30 17:37 - 2018-03-02 11:22 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-30 12:27 - 2018-02-06 14:43 - 000000000 ____D C:\Users\PC
2018-03-30 12:08 - 2017-09-29 21:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-03-30 12:08 - 2017-09-29 16:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-03-30 12:06 - 2018-03-01 22:21 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2018-03-29 17:01 - 2018-02-21 16:07 - 000007597 _____ C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2018-03-27 18:32 - 2018-02-21 20:43 - 000000000 ____D C:\Users\PC\AppData\Roaming\obs-studio
2018-03-23 16:18 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-03-22 22:32 - 2018-02-21 20:14 - 000000000 ____D C:\ros
2018-03-22 15:54 - 2018-02-26 17:16 - 000000000 ____D C:\Users\PC\Documents\Sony Vegas Pro
2018-03-21 21:53 - 2018-02-06 14:53 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 21:53 - 2018-02-06 14:53 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-16 19:11 - 2018-02-21 17:19 - 000000000 ____D C:\Users\PC\AppData\Roaming\discord
2018-03-16 12:02 - 2018-02-21 15:52 - 000000000 ___RD C:\Users\PC\Desktop\Applications
2018-03-16 11:03 - 2018-02-06 14:54 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-09 18:36 - 2017-09-29 21:44 - 000000000 ____D C:\Windows\INF
2018-03-09 17:38 - 2017-09-29 21:46 - 000000124 _____ C:\Windows\win.ini
2018-03-05 23:11 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
 
==================== Files in the root of some directories =======
 
2018-03-09 17:06 - 2018-03-09 17:42 - 000000049 _____ () C:\Users\PC\AppData\Roaming\MCVi2UserDetail.ini
2018-02-21 16:07 - 2018-03-29 17:01 - 000007597 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-03-30 13:39 - 2018-03-22 11:01 - 000816320 _____ () C:\Users\PC\AppData\Local\Temp\DE5.tmp.exe
2018-03-02 15:01 - 2018-03-02 15:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-2337437311813222808.dll
2018-03-19 10:16 - 2018-03-19 10:16 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-253262936612238186.dll
2018-03-19 10:16 - 2018-03-19 10:16 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3014651207095036988.dll
2018-03-04 22:08 - 2018-03-04 22:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3420780696207070338.dll
2018-03-22 11:36 - 2018-03-22 11:36 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3512775995957996856.dll
2018-03-09 17:01 - 2018-03-09 17:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-3779849975140555876.dll
2018-03-09 19:00 - 2018-03-09 19:00 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-4748579227712131277.dll
2018-03-21 23:08 - 2018-03-21 23:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-4953089117850156030.dll
2018-03-09 14:08 - 2018-03-09 14:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-5587726996942347394.dll
2018-03-22 13:04 - 2018-03-22 13:04 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-5638829538111321363.dll
2018-03-02 11:26 - 2018-03-02 11:26 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7302960067132054032.dll
2018-03-26 17:02 - 2018-03-26 17:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7316867298567461437.dll
2018-03-11 18:32 - 2018-03-11 18:32 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7643691600872333642.dll
2018-03-21 12:48 - 2018-03-21 12:48 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-7843437343755369015.dll
2018-03-01 16:58 - 2018-03-01 16:58 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-79938007732086404.dll
2018-03-01 16:57 - 2018-03-01 16:57 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8153215151536226844.dll
2018-03-07 15:29 - 2018-03-07 15:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8319073465886591497.dll
2018-03-21 11:15 - 2018-03-21 11:15 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-8674080461933967724.dll
2018-03-06 21:41 - 2018-03-06 21:41 - 000019968 ____N (Red Hat®, Inc.) C:\Users\PC\AppData\Local\Temp\jansi-64-9140206845653613844.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-21 18:31
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC (03-04-2018 15:18:27)
Running from C:\Users\PC\Desktop
Windows 10 Pro Version 1709 16299.248 (X64) (2018-02-06 06:42:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4241098779-1380022037-623437125-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4241098779-1380022037-623437125-503 - Limited - Disabled)
Guest (S-1-5-21-4241098779-1380022037-623437125-501 - Limited - Disabled)
PC (S-1-5-21-4241098779-1380022037-623437125-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-4241098779-1380022037-623437125-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.18.0129.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.18.0129.1 - GIGABYTE)
Discord (HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0821.1 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.17.0821.1 - GIGABYTE)
Epic Games Launcher (HKLM-x32\...\{8FEB5B5F-0777-4E9D-8705-06F0A2295544}) (Version: 1.1.143.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1037 - Intel Corporation)
Intel® Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel)
Intel® Optane™ Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.8.1.1007 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8210 - Realtek Semiconductor Corp.)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 2.17.0821.1 - GIGABYTE)
Rules of Survival version 1.134042.136949 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.134042.136949 - Hong Kong Netease Interactive Entertainment Limited)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 1.0.0 - TP-Link)
VEGAS Pro 15.0 (HKLM\...\{E0F91FB0-7FC4-11E7-B8E9-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {189FB16A-2C68-40D1-8611-606B481C8B3B} - System32\Tasks\S-1-5-21-4241098779-1380022037-623437125-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {40D17B5B-A31B-4B85-8907-AB3534598A96} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe
Task: {AF0CFA3B-705D-4EF3-8A67-6B4F7D9A2639} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2016-11-11] (Safer-Networking Ltd.)
Task: {FC6EE6D7-D812-4DA9-8FE4-535ADE9D916D} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2015-06-25 09:45 - 2015-06-25 09:45 - 000017920 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
2018-02-06 15:03 - 2018-01-10 22:33 - 001268024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-24 14:19 - 2017-04-24 14:19 - 000428608 ____R () C:\Program Files\Intel\Wired Networking\NCS2\Agent\AdapterAgnt.DLL
2017-08-21 18:50 - 2017-08-21 18:50 - 002397616 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\SelLedV2.exe
2018-02-21 17:08 - 2018-02-10 12:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-21 17:08 - 2018-02-10 12:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-08 17:18 - 2016-12-08 17:18 - 001804800 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\BDR_info.dll
2015-02-16 10:47 - 2015-02-16 10:47 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\ycc.dll
2017-05-23 16:23 - 2017-05-23 16:23 - 000044544 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2017-06-22 11:46 - 2017-06-22 11:46 - 000284120 _____ () C:\Program Files (x86)\GIGABYTE\RGBFusion\GskillSdk.dll
2015-02-17 01:47 - 2015-02-17 01:47 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\ycc.dll
2018-03-16 11:53 - 2018-01-11 10:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-03-16 11:53 - 2018-03-27 06:33 - 002631968 _____ () C:\Program Files (x86)\Steam\video.dll
2018-03-16 11:53 - 2016-09-01 09:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-03-16 11:53 - 2017-12-20 09:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-03-16 11:53 - 2016-09-01 09:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-03-16 11:53 - 2016-09-01 09:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-03-16 11:53 - 2018-03-27 06:33 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-03-16 11:53 - 2016-07-05 06:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-03-16 11:58 - 2017-09-07 10:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-03-16 11:58 - 2017-12-14 05:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-03-16 11:53 - 2015-09-25 07:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-12 18:07 - 2017-07-12 18:07 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 21:46 - 2018-04-03 15:12 - 000004929 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
 
There are 83 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4241098779-1380022037-623437125-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4F5E3055-79DE-44C5-AC7A-AA14FE6104DA}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{88B445D2-7BB3-4DE2-B90D-D9424B1A76CE}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{5F8EFEF9-5BDD-4B25-A571-D15A8949A5F4}] => (Allow) LPort=9009
FirewallRules: [{7A55DFA7-AB4C-4D3C-8FEE-71B3FF1CCFB4}] => (Allow) LPort=9009
FirewallRules: [{FB2956E0-D748-413F-8368-FC0097A9BFEA}] => (Allow) LPort=9009
FirewallRules: [{4EE59F71-40F1-43EC-B4D0-5C7363BC3F36}] => (Allow) LPort=9009
FirewallRules: [{49B3BF66-5AE0-4F02-8F0C-61AB8EE98D17}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{32C6E318-7C69-43A3-9664-4E0F725ED01A}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{FDF8B53A-9077-40D7-937D-B3F782AE5A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{07BA945F-4FEC-4207-AE04-74F6F4F89DE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E0CBDA88-A7D4-44B3-9D39-1D66D7ED060A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5442AB78-42F1-42EA-9628-9EA389B5CA26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3363A31C-ACA4-4B49-974F-63C34D6B7DDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{58B91AD2-24AD-4C47-8AB1-73426A78CB6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1D3C5488-F96A-41BA-8C21-2A854A70CE0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E4E9BC6C-6F2F-4878-B892-143EAC73CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{300D7DC2-65BC-4D5B-9E83-9D64D6EF9CE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{E9AA15FE-18D9-462D-992C-E104C4770C9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{55431E0E-558C-457B-BF43-A3F51D3E994A}] => (Allow) LPort=9009
FirewallRules: [{65AD516A-61C2-45A4-AA83-B752D9E7CF73}] => (Allow) LPort=9009
FirewallRules: [{DBB3987E-05DA-4818-93BD-5D098EA46099}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{620ADADB-5CFA-4F93-A763-82CE19C4872E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F62ACCA1-2BC6-4EF9-9160-B12E5ECFA0B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EE9FA6C1-83E0-4DBC-8DE3-DBC8DFEC45E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{14602C45-CE06-4FFA-9AED-EF78F0072295}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{217D0FE4-E6FA-440A-8153-D6C8F3C3AAB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EFCDEBDB-CCE5-4AE8-900E-BFB369D06F0B}] => (Allow) LPort=9009
FirewallRules: [{DC980091-AF85-4596-B36E-BACBA4ECC03D}] => (Allow) LPort=9009
FirewallRules: [{EADDD57F-929A-4E28-9FAD-4056177CB295}] => (Allow) LPort=9009
FirewallRules: [{FADC04EC-0FAA-43C1-876B-C4690DFAB40A}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{B20C43F3-97E7-4381-9A1A-2BCA0A773AF1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{52C1E970-7B90-4A93-9744-C970F0C3048A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2AC9CF72-79F3-448E-92EA-35C3D1A1D8CC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{549A4976-EE47-41DB-A4C9-7616B217D5C4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{07460535-346C-427A-BFB2-B8AC05649F2E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{36FA67DC-F1B5-4DDA-BDE3-79660DDB3F73}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{F2B7B77D-5F99-43D6-8D92-85B96606C8F7}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{F1E18BC6-36E9-4291-BA06-7AA6EECD719C}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{68C315DC-9523-4F45-8102-71C076ACC8C3}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{4B7178E9-EE5A-4984-8F00-BA7FAEADA2FA}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{3D68830F-2296-418F-8E37-5F8F053D8AC3}] => (Allow) LPort=9009
FirewallRules: [{2FD1D7C8-B970-4653-B773-60B359503FE5}] => (Allow) LPort=9009
FirewallRules: [{2DFA2D6D-9CBA-4AF6-AF1B-219A522AAB7C}] => (Allow) LPort=9009
FirewallRules: [{CAD3188A-3F90-49DD-A972-41DB0D66A9F8}] => (Allow) LPort=9009
FirewallRules: [{69132F42-C80E-4272-A516-234E203E6CEF}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{6442CB99-A47D-4ED8-ADC4-BD324FDB93ED}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{FE37D619-7DB7-4991-8309-7B37F01EF4EB}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [{9D045A7E-A1ED-4D7E-997E-38209FBA24BA}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{CED230D5-5B70-444A-A25C-F3A9F40AAE87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EEBC27D1-87FB-42EB-A472-69F1164262D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{39AD1638-8C46-42ED-AC12-1396325E1E5D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{932AD338-15C2-4A75-BE56-D541D15853B1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0CD252C5-D566-44D9-8FA6-43A0E212496C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{A32970AA-CC4C-4256-A5F9-422E13ADD800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{73CFE9C6-495A-417A-ACCD-251913953A20}] => (Allow) LPort=9009
FirewallRules: [{17F6EB7C-ED11-4B90-81BE-512EB8760139}] => (Allow) LPort=9009
FirewallRules: [{5E013B9A-4CF8-4C79-A14E-D0F5C88E127D}] => (Allow) LPort=9009
FirewallRules: [{B365A6F7-92B2-4A63-8778-977444D98EF1}] => (Allow) LPort=9009
FirewallRules: [{BD2D7C3B-83B8-4CD1-AE89-74DE0C588920}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1547ABD9-3A3F-4C85-A176-FDB8958ABF68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{AD2A7DEF-732C-4E90-8CC9-3188BA955B39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{48BFD304-EB92-4E11-B773-EFC0322B52AB}] => (Allow) LPort=9009
FirewallRules: [{BC8BF5D8-F618-4098-AFB3-3C342D64CAAE}] => (Allow) LPort=9009
FirewallRules: [{D36A8180-F256-4A1D-BCCC-0F61A0675345}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{95D7F480-6A33-4F51-8186-A1351FADF986}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{C4334719-89CD-4445-B6FA-A1144000D3A8}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{9F1DDE7F-5E77-4037-BF93-9CBD649DFBBC}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{034ADF95-3EA5-428A-8AA4-E922BDC3F86D}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{D953ED50-4D21-4556-8BC0-3BA3E498B478}] => (Allow) C:\Users\PC\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
FirewallRules: [{712EF00A-3E81-468C-9901-4E9BBFA78D2C}] => (Allow) LPort=9009
FirewallRules: [{2CC5D297-2B76-45F9-8B75-567F0EFD00F8}] => (Allow) LPort=9009
FirewallRules: [{81136EAF-0C7C-4A28-AEB8-086C5BC86A2E}] => (Allow) LPort=9009
FirewallRules: [{364AEE1B-D407-46F6-900D-FC981AC649C0}] => (Allow) LPort=9009
FirewallRules: [{C1D836BA-B078-440F-B370-57A63D09FE70}] => (Allow) LPort=9009
FirewallRules: [{3F339B4F-06AE-4EAC-8D4D-A25EF122C995}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3F26B54F-A5C7-4950-8A1C-F272E8F266AF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D45A1A47-BD41-4C68-853F-B33D4ABAD27E}] => (Allow) LPort=9009
FirewallRules: [{F17F8159-9DCA-47AA-8BAD-30F1F724C702}] => (Allow) LPort=9009
FirewallRules: [{77DC489B-F4A4-4769-877D-47271D56158E}] => (Allow) LPort=9009
FirewallRules: [{4A63C538-9117-47D5-85DC-1259AEEB21C6}] => (Allow) LPort=9009
 
==================== Restore Points =========================
 
06-02-2018 14:47:37 IIF_MSI
21-02-2018 15:31:44 Removed APP Center
05-03-2018 23:05:02 Installed DirectX
16-03-2018 11:03:18 Removed APP Center
 
==================== Faulty Device Manager Devices =============
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/03/2018 03:18:32 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:32Z. Error Code: 0x80070002.
 
Error: (04/03/2018 03:18:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:02Z. Error Code: 0x80070002.
 
Error: (04/03/2018 03:17:32 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:32Z. Error Code: 0x80070002.
 
Error: (04/03/2018 03:17:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:02Z. Error Code: 0x80070002.
 
Error: (04/03/2018 03:16:32 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:32Z. Error Code: 0x80070002.
 
Error: (04/03/2018 03:16:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:02Z. Error Code: 0x80070002.
 
Error: (04/03/2018 03:15:32 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:15:32Z. Error Code: 0x80070002.
 
Error: (04/03/2018 03:14:48 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2018-04-12T07:14:48Z. Error Code: 0x80070002.
 
 
System errors:
=============
Error: (04/03/2018 03:15:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/03/2018 03:15:00 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: D:\Device\HarddiskVolume52
 
Error: (04/02/2018 03:46:41 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: D:\Device\HarddiskVolume72
 
Error: (04/02/2018 03:42:35 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: D:\Device\HarddiskVolume62
 
Error: (04/02/2018 03:41:53 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: D:\Device\HarddiskVolume52
 
Error: (04/01/2018 03:48:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2018 03:16:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9B2CIK5)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-9B2CIK5\PC SID (S-1-5-21-4241098779-1380022037-623437125-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2018 02:59:09 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.102 with the system
having network hardware address 4C-7C-5F-14-6E-9A. Network operations on this system may
be disrupted as a result.
 
 
Windows Defender:
===================================
Date: 2018-04-01 15:16:11.339
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C42E87DD-DA42-4CA6-8A90-E5D7C58B30F7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-30 13:31:45.378
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd;file:_C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 13:31:45.367
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS!rfn
ID: 2147692752
Severity: Medium
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 12:38:03.327
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 12:25:02.250
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.1737.0, AS: 1.263.1737.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-30 17:37:41.068
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-03-30 17:33:06.093
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-03-30 12:22:13.039
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-03-02 11:21:55.223
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-02-24 14:56:29.471
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8140.75 MB
Available physical RAM: 6058.31 MB
Total Virtual: 9420.75 MB
Available Virtual: 7150.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.91 GB) (Free:828.24 GB) NTFS
 
\\?\Volume{4522ce36-b9a7-44f0-96b3-2aee965c7f26}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{53e2f30e-2955-4da6-8677-0cbc9cde746c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#7 garioch7


Posted 03 April 2018 - 08:01 AM

Leadless:

Thank you for your patience while I analyzed your FRST logs and thank you for the fresh set of FRST scan logs, as well as for running, and posting the results of the CKScanner scan.



Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also, you should be aware that some of the tools and scripts that will be used will remove detected malware without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: Please run a FRST fix for me.

PLEASE NOTE: This FRST "fixlist" script WILL REMOVE the software "cracks" detected on this computer, which will prevent any "cracked" programs, including possibly Windows itself, if it is a pirated version, from functioning normally.

DO NOT run this script if this is unacceptable to you. Simply let me know that you do not require further assistance, and I will conclude your topic.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
GroupPolicy: Restriction <==== ATTENTION
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVEX15.SYS [X]
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????
2018-03-09 17:38 - 2017-10-09 23:34 - 000097168 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\SET7500.tmp
2018-03-09 17:37 - 2018-03-30 12:08 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2018-03-09 17:06 - 2018-03-30 12:24 - 000000000 ____D C:\ProgramData\McAfee
2018-03-16 19:30 - 2018-02-24 14:58 - 000000000 ____D C:\Program Files\KMSpico
Task: {520ED47D-5328-4022-8397-2F648FC091E4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Folder: C:\ros
VirusTotal: C:\ProgramData\InstallShield\Update\isuspm.ini;C:\Users\PC\AppData\Local\Temp\DE5.tmp.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
C:\Windows\SECOH-QAD.dll
c:\windows\prefetch\kmspico_setup.tmp-0a6b3484.pf
EmptyTemp:
End::

  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 Leadless


Posted 04 April 2018 - 03:46 AM

Oh my god it's fixed, thank you very much!
Can you tell me what the problem was?


Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC (04-04-2018 16:38:21) Run:1
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
GroupPolicy: Restriction <==== ATTENTION
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVEX15.SYS [X]
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????
2018-03-09 17:38 - 2017-10-09 23:34 - 000097168 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\SET7500.tmp
2018-03-09 17:37 - 2018-03-30 12:08 - 000000000 ____D C:\Windows\System32\Tasks\McAfee
2018-03-09 17:06 - 2018-03-30 12:24 - 000000000 ____D C:\ProgramData\McAfee
2018-03-16 19:30 - 2018-02-24 14:58 - 000000000 ____D C:\Program Files\KMSpico
Task: {520ED47D-5328-4022-8397-2F648FC091E4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Folder: C:\ros
VirusTotal: C:\ProgramData\InstallShield\Update\isuspm.ini;C:\Users\PC\AppData\Local\Temp\DE5.tmp.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
C:\Windows\SECOH-QAD.dll
c:\windows\prefetch\kmspico_setup.tmp-0a6b3484.pf
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4241098779-1380022037-623437125-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4241098779-1380022037-623437125-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
"HKLM\System\CurrentControlSet\Services\NAVENG" => removed successfully
NAVENG => service removed successfully
"HKLM\System\CurrentControlSet\Services\NAVEX15" => removed successfully
NAVEX15 => service removed successfully
 
========================= Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???? ========================
 
 
====== End of Folder: ======
 
C:\Windows\system32\Drivers\SET7500.tmp => moved successfully
C:\Windows\System32\Tasks\McAfee => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\Program Files\KMSpico => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{520ED47D-5328-4022-8397-2F648FC091E4} => could not remove. Access Denied.
"C:\Windows\System32\Tasks\AutoPico Daily Restart" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => could not remove. Access Denied.
 
========================= Folder: C:\ros ========================
 
2018-02-21 20:20 - 2018-02-21 20:20 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\Documents\firstOpen
2018-02-21 20:16 - 2018-03-30 15:10 - 000000015 ____A [CFFF740C230BD4909F21579E6E231451] () C:\ros\Documents\firstPackVersion
2018-03-18 15:34 - 2018-03-18 15:34 - 005184044 ____A [427297B8FEF52EF81FF6275652359E7A] () C:\ros\Documents\gmcomplainedimg.tga
2018-02-21 20:16 - 2018-04-03 16:57 - 000000082 ____A [C30DDFAA25FC9B91D97B761FF0B76A94] () C:\ros\Documents\graphics_settings.txt
2018-02-21 20:16 - 2018-02-21 20:16 - 000000027 ____A [034F85B44BA3EA53B5F561B442787287] () C:\ros\Documents\language_setting.txt
2018-02-21 20:17 - 2018-02-22 17:29 - 000000034 ____A [5C34BDA7DF0535CB95896EC97DD5EE77] () C:\ros\Documents\loadingTutorial_setting.txt
2018-02-21 20:16 - 2018-03-09 15:12 - 000000176 ____A [B70B94A2E766FA72E7E6D17CF78167F5] () C:\ros\Documents\market_record_point.txt
2018-03-09 15:00 - 2018-03-09 15:00 - 003978208 ____A [F3ECCD3D71C2F3B50BFF399ACA5DD8E6] (网易互动娱乐有限公司) C:\ros\Documents\mpay_oversea.dll
2018-03-15 16:23 - 2018-03-15 16:23 - 000005956 ____A [FAE51709FEF5A7DD648A1F89537B00F1] () C:\ros\Documents\neox.xml
2018-03-09 15:04 - 2018-04-03 16:58 - 000000016 ____A [268A037C3EA4AD19084FAC28A8403760] () C:\ros\Documents\notice_once_config.txt
2018-03-09 15:00 - 2018-03-09 15:00 - 002097480 ____A [D77E83B3290056F3B8A2CA6828B3EB52] () C:\ros\Documents\NtUniSdkMpayOversea.dll
2018-03-02 13:14 - 2018-03-02 13:14 - 002071520 ____A [CBEE920C4E130FF14CACC66B7DE51F45] () C:\ros\Documents\NtUniSdkSteam.dll
2018-02-21 20:20 - 2018-02-21 20:20 - 000000058 ____A [D5216A666241C632DB100B5956EB8152] () C:\ros\Documents\operate_guide.txt
2018-02-22 17:29 - 2018-03-30 15:10 - 000000018 ____A [46669DD97F01EF3F86E3E7C5D7A692DE] () C:\ros\Documents\patchVersion
2018-03-21 23:14 - 2018-03-22 22:25 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\Documents\progress.hy
2018-03-09 15:00 - 2018-03-09 15:00 - 000241891 ____A [FE6F7F2C8DFCEA2C920F9C1B1CBC2D01] () C:\ros\Documents\rootcert.pem
2018-03-02 13:14 - 2018-03-22 22:26 - 016533472 ____A [95D6AEC26A9AD89CC834F1B65C8777FB] () C:\ros\Documents\ros.exe
2018-02-22 17:28 - 2018-03-30 15:07 - 007370492 ____A [FF0E154C131F159D5555827CEE505DC2] () C:\ros\Documents\script.npk
2018-03-02 13:14 - 2018-03-02 13:14 - 000219424 ____A [7B857C897BC69313E4936DC3DCCE5193] (Valve Corporation) C:\ros\Documents\steam_api.dll
2018-02-21 20:23 - 2018-04-03 16:59 - 000000071 ____A [121A70414B8E43B629E45C47F2AC36E9] () C:\ros\Documents\user_ccmini.txt
2018-02-21 20:17 - 2018-04-03 16:58 - 000000404 ____A [641E5D400A48890C8305D7E650350EF3] () C:\ros\Documents\user_info.txt
2018-02-21 20:17 - 2018-02-21 20:17 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\Documents\versionChange
2018-02-21 20:16 - 2018-03-30 15:10 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\Documents\res
2018-03-02 13:19 - 2018-03-30 15:10 - 000007184 ____A [8CBDB9C5B4D62CA69DA33CDF9B10610A] () C:\ros\Documents\res\animators.npk
2018-03-02 13:17 - 2018-03-30 15:10 - 146622340 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\Documents\res\character.npk
2018-03-09 15:02 - 2018-03-30 15:08 - 000641396 ____A [1267500CC159BA7C43C2A47DFF181119] () C:\ros\Documents\res\common.npk
2018-03-02 13:17 - 2018-03-30 15:08 - 005374832 ____A [26873F1592FAE2CFD212283C4FE24E46] () C:\ros\Documents\res\effect.npk
2018-03-02 13:17 - 2018-03-30 15:08 - 000065644 ____A [46CF4BA2E5175305BAA06D211ED7BEBF] () C:\ros\Documents\res\entities.npk
2018-02-22 17:29 - 2018-03-30 15:08 - 003263144 ____A [04F7EF2A55953A89774972D1A8299EF8] () C:\ros\Documents\res\item.npk
2018-03-02 13:17 - 2018-03-30 15:08 - 005252696 ____A [DEF3E554BFD4D117704D42AE59872284] () C:\ros\Documents\res\model.npk
2018-03-02 13:17 - 2018-03-30 15:08 - 063584880 ____A [6B27E80DD0F008A3BA422AB37DB0674A] () C:\ros\Documents\res\scene.npk
2018-02-24 17:20 - 2018-03-30 15:08 - 000033504 ____A [3AF09DE53580233F2521291B54C1B413] () C:\ros\Documents\res\shader.npk
2018-02-22 17:29 - 2018-03-30 15:07 - 044682300 ____A [10D72956A6CA558DE828511777EB8F89] () C:\ros\Documents\res\ui.npk
2018-03-02 13:15 - 2018-03-30 15:07 - 011076196 ____A [66889E531717820A34A0A6F86B367092] () C:\ros\Documents\res\vehicle.npk
2018-03-02 13:15 - 2018-03-30 15:07 - 006016676 ____A [CA93FB4170B494EAAC7783C78EC83DF9] () C:\ros\Documents\res\weapon.npk
2018-03-02 13:17 - 2018-03-30 15:08 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\Documents\res\sound
2018-03-02 13:17 - 2018-03-02 13:17 - 000055872 ____A [6448AD29D4DC6F0CFABF89DD0C1FF774] () C:\ros\Documents\res\sound\act_slide_cable.fsb
2018-03-30 15:08 - 2018-03-30 15:08 - 001328448 ____A [2AFE3CAF99A0B3014260C0131A9BBF85] () C:\ros\Documents\res\sound\attack_new.fsb
2018-03-30 15:08 - 2018-03-30 15:08 - 000121088 ____A [BAFF2D81F1CFFA90196753DB821A405A] () C:\ros\Documents\res\sound\car_foley.fsb
2018-03-30 15:08 - 2018-03-30 15:08 - 000023392 ____A [DE30F86F88F621A029100F3BF8285391] () C:\ros\Documents\res\sound\car_horns.fsb
2018-03-02 13:17 - 2018-03-02 13:17 - 000062880 ____A [7F50365E1A70F1763F4096AF42AB66B2] () C:\ros\Documents\res\sound\cutscene_shop.fsb
2018-03-30 15:08 - 2018-03-30 15:08 - 000038848 ____A [258FDA128D245FFC79657E1BC386B590] () C:\ros\Documents\res\sound\foot_dts_water.fsb
2018-03-30 15:08 - 2018-03-30 15:08 - 000273088 ____A [B1D2A8FAC82D92A3E3DE86A30CB62F91] () C:\ros\Documents\res\sound\fpp_weapon_reloads.fsb
2018-03-02 13:17 - 2018-03-02 13:17 - 000107680 ____A [282826239F1DF246B589E659EC49981C] () C:\ros\Documents\res\sound\item_firecracker.fsb
2018-03-02 13:17 - 2018-03-02 13:17 - 000196416 ____A [2BDFD7BB683AF6BA0337FC9DDF6E9BA5] () C:\ros\Documents\res\sound\mokolov.fsb
2018-03-22 22:29 - 2018-03-22 22:29 - 000054784 ____A [2F0C5F46B6773B581DB040208B882B15] () C:\ros\Documents\res\sound\toy_general.fsb
2018-03-22 22:29 - 2018-03-22 22:29 - 000259040 ____A [5C75C205FAF4A66610E27A3FF3E69D32] () C:\ros\Documents\res\sound\toy_roboradio.fsb
2018-03-02 13:17 - 2018-03-30 15:07 - 000441190 ____A [DC44B0E902CDF248C0D0FC7E2F394631] () C:\ros\Documents\res\sound\tps.fev
2018-03-02 13:17 - 2018-03-30 15:07 - 000441190 ____A [DC44B0E902CDF248C0D0FC7E2F394631] () C:\ros\Documents\res\sound\tps_low_dts.fev
2018-03-02 13:17 - 2018-03-02 13:17 - 000616064 ____A [143BF502FF7204DE82B98DB11B5F6B06] () C:\ros\Documents\res\sound\vo_new_year.fsb
2018-03-30 15:07 - 2018-03-30 15:07 - 000773376 ____A [C96CE2AE688D4628C2EA2E4644E70249] () C:\ros\Documents\res\sound\wp_m32.fsb
2018-03-30 15:07 - 2018-03-30 15:07 - 000212992 ____A [8E77D10BC3143410F6959472C6C812A9] () C:\ros\Documents\res\sound\wp_rpg.fsb
2018-03-30 15:07 - 2018-03-30 15:08 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\Documents\res\sound\music
2018-03-30 15:07 - 2018-03-30 15:07 - 000027880 ____A [6799C53B19EEF3B7D9EC0F7AF817CCE0] () C:\ros\Documents\res\sound\music\music.fev
2018-03-30 15:07 - 2018-03-30 15:07 - 000484192 ____A [8EDFB4592371397542D26DF65F79C7CB] () C:\ros\Documents\res\sound\music\music_win_number2-5_v1.fsb
2018-02-21 20:16 - 2018-02-21 20:16 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\Documents\res\ui
2018-02-21 20:16 - 2018-02-21 20:16 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\Documents\res\ui\qrcodes
2018-02-21 20:16 - 2018-02-21 20:16 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\Documents\voice_data
2018-03-02 13:21 - 2018-03-22 22:32 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\dumps
2018-03-02 13:21 - 2018-03-02 13:21 - 000162077 ____A [35CFC15FF930DA2C0CDBB11718A304F0] () C:\ros\dumps\neox-20180302-132147-0.dmp
2018-03-02 14:13 - 2018-03-02 14:13 - 000160329 ____A [16D6B6D9CE3A874885F3BEB63CD39FA9] () C:\ros\dumps\neox-20180302-141331-0.dmp
2018-03-09 15:03 - 2018-03-09 15:03 - 000159247 ____A [D5DC5419DECFA9C0170F3C668C69900F] () C:\ros\dumps\neox-20180309-150329-0.dmp
2018-03-09 15:04 - 2018-03-09 15:04 - 000174223 ____A [22DCF4026E7C6BFF47FD79B93C254AB5] () C:\ros\dumps\neox-20180309-150407-0.dmp
2018-03-15 16:27 - 2018-03-15 16:27 - 000163663 ____A [810973DBC1222339AFABB60ECDE6E138] () C:\ros\dumps\neox-20180315-162720-0.dmp
2018-03-21 23:14 - 2018-03-21 23:14 - 000182505 ____A [3F815EA4DC00E2022F8FEC7162AAE7C8] () C:\ros\dumps\neox-20180321-231455-0.dmp
2018-03-22 22:32 - 2018-03-22 22:32 - 000159045 ____A [2B396D6196F34C7DF5934EE64501E7C3] () C:\ros\dumps\neox-20180322-223227-0.dmp
2018-02-21 20:20 - 2018-02-21 20:20 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\NtUniSDK
2018-02-21 20:20 - 2018-02-21 20:20 - 000000112 ____A [B6413B945FC998AF4489ADEBFC5B9C9F] () C:\ros\NtUniSDK\14FC6D610E52FE50359F753A1842975E
2018-02-21 20:20 - 2018-02-21 20:20 - 000019700 ____A [D122F1ABE45B97DDB747048F7E38BE82] () C:\ros\NtUniSDK\C54F0D22BCEBC5B5F04D00DDA322FDA6
2018-02-21 20:14 - 2018-02-21 20:15 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\res
2018-02-21 20:14 - 2018-02-13 16:45 - 000064204 ____A [33668387708E8E0BF0C1998F20E0CF76] () C:\ros\res\angsd___.ttf
2018-02-21 20:14 - 2018-02-13 16:49 - 000053012 ____A [7CF4BDFAB762BF53F16D736918549A6D] () C:\ros\res\animators.npk
2018-02-21 20:14 - 2018-02-13 16:45 - 000175956 ____A [D20BA4EAAF26B7033DA05FD59ED020AB] () C:\ros\res\arialn.ttf
2018-02-21 20:14 - 2018-02-13 16:49 - 294827552 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\res\character.npk
2018-02-21 20:15 - 2018-02-13 16:49 - 004232088 ____A [CF4D693C92A2D98B5C289AB67519932D] () C:\ros\res\common.npk
2018-02-21 20:15 - 2018-02-13 16:49 - 000227940 ____A [E7D9BE7AAC790EBF9D54AD524103068D] () C:\ros\res\decal.npk
2018-02-21 20:15 - 2018-02-13 16:49 - 024537964 ____A [CEAD534D5E094404A6A585E6552DC3CF] () C:\ros\res\effect.npk
2018-02-21 20:15 - 2018-02-13 16:49 - 002911704 ____A [8EAF7B787A1BE7EA7B1A5AF7363C47C5] () C:\ros\res\emote.npk
2018-02-21 20:15 - 2018-02-13 16:49 - 000162720 ____A [3A58C739C6C9B2DE5A4EBB6CC892F7AF] () C:\ros\res\entities.npk
2018-02-21 20:15 - 2018-02-13 16:45 - 003985368 ____A [C57BB1F377591DF167AF36B1B813835B] () C:\ros\res\huakangxinzongyi.ttf
2018-02-21 20:15 - 2018-02-13 16:45 - 016490072 ____A [1927D0C1724A7FBC7FF54BD57B02C364] () C:\ros\res\huakangyuanti.ttc
2018-02-21 20:15 - 2018-02-13 16:45 - 000214808 ____A [5D42827117405E1905AA2342A3119816] () C:\ros\res\impact.ttf
2018-02-21 20:15 - 2018-02-13 16:49 - 020137352 ____A [F17297EDA54014378179892CF560516F] () C:\ros\res\item.npk
2018-02-21 20:15 - 2018-02-13 16:49 - 138026068 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\res\model.npk
2018-02-21 20:15 - 2018-02-13 16:45 - 000000015 ____A [7BE3A9D6E8C9A584E70EAED2F6919FDE] () C:\ros\res\npk_manifest.xml
2018-02-21 20:15 - 2018-02-13 16:49 - 000102916 ____A [E8E66CC625CFDBFAE0CC1C1E22B68C9F] () C:\ros\res\props.npk
2018-02-21 20:15 - 2018-02-13 16:49 - 000063832 ____A [A6CC97B860400E60FAADF0A93BE72BEA] () C:\ros\res\roads.npk
2018-02-21 20:15 - 2017-12-28 13:25 - 000230412 ____A [DB624456B934EC642E2CE2BF73F5274F] () C:\ros\res\ros.ico
2018-02-21 20:15 - 2018-02-13 16:49 - 000014396 ____A [EA6E23A07AEA17CB22816640963084F7] () C:\ros\res\scenario.npk
2018-02-21 20:15 - 2018-02-13 16:50 - 371757276 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\res\scene.npk
2018-02-21 20:15 - 2018-02-13 16:50 - 000752420 ____A [7D76E9C0E712D81C6AD9C7004426DAE7] () C:\ros\res\shader.npk
2018-02-21 20:15 - 2018-02-13 16:45 - 000626056 ____A [46075E1323492EF9CD8E28F9C144439C] () C:\ros\res\sukhumvitset.ttc
2018-02-21 20:15 - 2018-02-13 16:50 - 005846904 ____A [4133789519758D0CAB57DC31D89D65B8] () C:\ros\res\textures.npk
2018-02-21 20:15 - 2018-02-13 16:51 - 151583528 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\ros\res\ui.npk
2018-02-21 20:15 - 2018-02-13 16:51 - 050854760 ____A [59E120FDCE9EFB639BA9E0939433489F] () C:\ros\res\vehicle.npk
2018-02-21 20:15 - 2018-02-13 16:45 - 000000016 ____A [6046E46DF2619F14225CBFBD1E33CDD6] () C:\ros\res\version
2018-02-21 20:15 - 2018-02-13 16:51 - 034623880 ____A [DAC8636C9A181791C82CF5ACEDD58431] () C:\ros\res\weapon.npk
2018-02-21 20:15 - 2018-02-21 20:15 - 000000000 ____D [00000000000000000000000000000000] () C:\ros\res\sound
2018-02-21 20:15 - 2018-02-13 16:49 - 000055680 ____A [37A2E2E4569B902AE35431E808F32BFC] () C:\ros\res\sound\act_slide_cable.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000294752 ____A [BB4211546774730B6FE44C270EE74914] () C:\ros\res\sound\airplane.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000560960 ____A [71C6BEA10B75445B322F8F65172658BC] () C:\ros\res\sound\amb_dts_day.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000435104 ____A [DCE1A5A1488E501745409D40859B8005] () C:\ros\res\sound\amb_dts_night.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000077632 ____A [E404DC1AAD0B980255856EEF8240EF61] () C:\ros\res\sound\amb_shallowwater.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000010272 ____A [C33115F1FAFC8C1DFCA13FB4B96DEB65] () C:\ros\res\sound\attack.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 001354528 ____A [E881006640C17A628D416616FFDA43CE] () C:\ros\res\sound\attack_new.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000011104 ____A [D3E7F9625D7346DAB2AE8BE309A1657C] () C:\ros\res\sound\attack2.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000021344 ____A [1B933A25BA8E8F849354A4BAA5BDCAAA] () C:\ros\res\sound\bullet_whoosh.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000062944 ____A [93C36EB3D54274F50579E3F9E85B4576] () C:\ros\res\sound\bulshell_01.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000130464 ____A [8571D83F504B30A1B66609E150E9308F] () C:\ros\res\sound\bulshell_02.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000049152 ____A [1EC0E0E2D1598D30BD9BD3B93AEDD9D0] () C:\ros\res\sound\bulshell_03.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000781600 ____A [A9613940669F6B6D74C214B2E076B918] () C:\ros\res\sound\car_bigfoot1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000176288 ____A [07B51335F024EDB12085CE5F68E1105D] () C:\ros\res\sound\car_boat.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000144864 ____A [20E46EEA9E245101668BB294CB0D95FB] () C:\ros\res\sound\car_bryan.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000122848 ____A [0B506B758FD2D858449FB6996733819D] () C:\ros\res\sound\car_foley.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 007003488 ____A [68EE3D3C1184ECD80BA71612C6F66CF3] () C:\ros\res\sound\car_ford.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000360320 ____A [AC8AC3AFB9A62FA54EB0BB28BADC22CF] () C:\ros\res\sound\car_glider.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000173248 ____A [816FF60F61A71AA955CAA78FA3AC14A3] () C:\ros\res\sound\car_hoverboat.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 001736768 ____A [7C0F50A45397EB6D6A172357D5535DC5] () C:\ros\res\sound\car_lambo.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 001828384 ____A [BEFD9676E72417D313EFB46DFF4BAE56] () C:\ros\res\sound\car_moto.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000460416 ____A [07D328F67993410B6860BF74C5756D13] () C:\ros\res\sound\car_ofo.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 006813120 ____A [F63F133FADA0B16E0A986B57198BD9A2] () C:\ros\res\sound\car_tianwang.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000201920 ____A [3CD39F77D291E1BE8E3674AC54EC0307] () C:\ros\res\sound\car_tricycle.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000090016 ____A [CBF0AF8E5F0FB22D20F11FE331A4ADD5] () C:\ros\res\sound\dts_zombie.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000155104 ____A [0ABE17CF558E40B158F3CA9EAFF5D5E3] () C:\ros\res\sound\exp_grenade.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000391520 ____A [0875E354938BAC80333D43837EA14A15] () C:\ros\res\sound\exp_red_zone.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000212352 ____A [D2D713CA9377B7DA99EAE3C70324C943] () C:\ros\res\sound\explode.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000061216 ____A [273AF32267A767FE5B817138C4BFE069] () C:\ros\res\sound\explode_skill_airplane.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000087520 ____A [14D531384679E7B292121035BA2EFF9D] () C:\ros\res\sound\explode_skill_bomb.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000159584 ____A [5DA2C36A424AD47A59B59595E846EB2F] () C:\ros\res\sound\foot.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000056064 ____A [10EEF812D457194491109A9AB9E44FCD] () C:\ros\res\sound\foot_dts.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000116768 ____A [B6D3C52F547A5D94B712A401B4E5FDA2] () C:\ros\res\sound\grenade_chicken.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000038368 ____A [AE042ACADD06A25B3B2BB83847634E8A] () C:\ros\res\sound\gun_aa12.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000170752 ____A [A31534EA83B7CEA524640BA881D47639] () C:\ros\res\sound\gun_fblc.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000058496 ____A [84360C34E2A5C22C1D1EF2C60BE7D37F] () C:\ros\res\sound\gun_m134.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000046432 ____A [BC0432C57C993CE70BB0423F0DEDCA0A] () C:\ros\res\sound\gun_m249.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000038208 ____A [44F2786CEDF3D11D0C082D9404CEDB8A] () C:\ros\res\sound\gun_m870.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000746592 ____A [3C3618E95D17E14DA9DB5E43FD2B0720] () C:\ros\res\sound\impact.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000311936 ____A [EDBF965440F0CC608BA9FD60E3FBB9EF] () C:\ros\res\sound\item_mine.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000013792 ____A [A9653D2C82B0197975516EAD4F29F0B9] () C:\ros\res\sound\melee_axe.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000086944 ____A [433DA3F695C31B3C8C5386BEAB16E96A] () C:\ros\res\sound\melee_chicken.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000011840 ____A [A5F2ADDFE20340303AE047F47B44E9B9] () C:\ros\res\sound\melee_knife.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000016448 ____A [D3526BCF009A3BB4B7B3930833DB38D0] () C:\ros\res\sound\melee_pan.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000013792 ____A [74EDDF34D1FAE974229C820F5DEB5B30] () C:\ros\res\sound\melee_stick.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000219648 ____A [E74063794EF655AAC2B8B62EA4E6445B] () C:\ros\res\sound\mokolov.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000145792 ____A [E4289D3027DBFA7BEA457B4CE443C809] () C:\ros\res\sound\monster_boss.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000032864 ____A [B4253FB0A6E62BDE7F7D148AE8320111] () C:\ros\res\sound\monster_chaojishibing.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 001248480 ____A [919126BC45C7315B7D690F6F175AA24E] () C:\ros\res\sound\monster_jixiezhanshi.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000114624 ____A [5F1CB2F3848B5DFBAD31AB9F5BBE9BFE] () C:\ros\res\sound\monster_leishake.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000216768 ____A [0CBE3375536D836E1A7D2CAF5D7A7EEC] () C:\ros\res\sound\monster_sgzy.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000732064 ____A [A1A051071B86F782EFD37657E9F22F6B] () C:\ros\res\sound\monster_shalujiqiren.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000074496 ____A [AA98609F130476A2D7C0096973F09D04] () C:\ros\res\sound\monster_wrj.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000210112 ____A [1FF6A6B52F70D1E79403200EA2ABE91D] () C:\ros\res\sound\monster_xiaoguai.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000011648 ____A [CD8B5313B5E1E3A8F4B7E84DE3903DDA] () C:\ros\res\sound\monster_zombie.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000041440 ____A [0851263EA93BC852ACA8E85E2E8CD916] () C:\ros\res\sound\sfx.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000046976 ____A [4048EA9C962B757E97E6EB24E67AE536] () C:\ros\res\sound\shsd_shotgun.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000052096 ____A [13D35639FA989E49760248991A72B9D7] () C:\ros\res\sound\static_door.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000117632 ____A [A5C60EEF00FA7B367EA8D8A27F3E7246] () C:\ros\res\sound\swpn_super_sniper.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000537408 ____A [162444B60772C479D50EEAEF4FE2BE1A] () C:\ros\res\sound\tower.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000384396 ____A [B8FFB739966DAC8872C876C42D6DBBE6] () C:\ros\res\sound\tps.fev
2018-02-21 20:15 - 2018-02-13 16:49 - 000422806 ____A [1B91E50830BA7B439CE0AFE9FB0142A9] () C:\ros\res\sound\tps_low_dts.fev
2018-02-21 20:15 - 2018-02-13 16:49 - 000063328 ____A [7DA3F1A531897C23BC0145D7CF4EE2AA] () C:\ros\res\sound\ui_general.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000201536 ____A [7C2457485CD603E3CE10ED540C531179] () C:\ros\res\sound\ui_hall.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000390816 ____A [8E425C1FF96F118D78A2BC8BC7F24ADA] () C:\ros\res\sound\ui_ingame.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000125024 ____A [0F39C90E3CADB106AA29557CB29D747E] () C:\ros\res\sound\ui_newseason.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000066528 ____A [D04E81DDD1453D0FA1BC413D68AC3337] () C:\ros\res\sound\ui_trivia.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 002927712 ____A [45C8181551E2246DFDC22AB3C58EC807] () C:\ros\res\sound\vo_daniel.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000042176 ____A [F8ABD45E6FE265E87649CFCB50768C20] () C:\ros\res\sound\vo_dts_male.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000148096 ____A [E50F998E9E2E99FA3C9EFBC49E519A51] () C:\ros\res\sound\vo_duihua.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000167744 ____A [27CA03C0942DD678EA017BB762F0EBEF] () C:\ros\res\sound\vo_f.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000491648 ____A [B4DF621A157D4AB8491449AAEED8AC12] () C:\ros\res\sound\vo_jishubing.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000146784 ____A [DA545281DA4FA9D4C374ACA8737FBA83] () C:\ros\res\sound\vo_mary.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000774432 ____A [5D230C36DEBACEBB0C786E29B66C7BCC] () C:\ros\res\sound\vo_mary_npc.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000012960 ____A [87C10179871C4089950DBC3AF3979589] () C:\ros\res\sound\vo_monster_man1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000019936 ____A [03E6BC48727F36BBF9558BDEB27DFD6E] () C:\ros\res\sound\vo_monster_man2.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000022432 ____A [CA19FBFBB18AF4774DA6AB5FBD9F4EC3] () C:\ros\res\sound\vo_monster_man3.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000009312 ____A [768652EC9489A4259214989762239638] () C:\ros\res\sound\vo_monster_man4.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000047104 ____A [D88A16C5B58E9A99488C3FFA824AF503] () C:\ros\res\sound\vo_monster_mechanic1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000051232 ____A [F569E10C37BB333D4422034DDC3B0764] () C:\ros\res\sound\vo_monster_mechanic2.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000056352 ____A [3558710B94990A6DEC5DA502B547619E] () C:\ros\res\sound\vo_monster_mechanic3.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000056672 ____A [1DBA2221DE6A6B6DA62B20A82FCC974B] () C:\ros\res\sound\vo_monster_robot.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000040896 ____A [88CE2159BA1F302ABD3CDAB23F3AD1F4] () C:\ros\res\sound\vo_monster_robotman1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000011232 ____A [B6A21447A0B3236C3576B0A2B9348E46] () C:\ros\res\sound\vo_monster_zombie1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000034336 ____A [BF55B8EAE6664A69D3E7F04CA3B0CCB7] () C:\ros\res\sound\vo_monster_zombie2.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000074560 ____A [61BE3ECBE80CDE1134D41847D72E9D9A] () C:\ros\res\sound\vo_npc.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000044736 ____A [C6E2166039066A66AF2B1B8476590CE9] () C:\ros\res\sound\vo_npc_baoposhou.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000152192 ____A [271E819C325F6D2EEDF1C493C9659A19] () C:\ros\res\sound\vo_npc_chaojishibing.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000035200 ____A [EBE3512EA6F4BD5308C0E1A63479531D] () C:\ros\res\sound\vo_npc_gangtiexianfeng.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000055488 ____A [EE04973A08029DF517F0F5B6C8ADA40F] () C:\ros\res\sound\vo_npc_jieluezhe.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 001463744 ____A [4F0AF54DBC0FA90A2BD75489DC62ABF8] () C:\ros\res\sound\vo_npc_new.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000039872 ____A [B71A6489371F44651944F0BAF8CEE2DF] () C:\ros\res\sound\vo_npc_zhongzhuangkuangtu.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000416320 ____A [EC1165BA72407A8E2A55E337FD2118DB] () C:\ros\res\sound\vo_npc_zhouye1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000430080 ____A [29ED954123B0CF1B74508B2448B0F112] () C:\ros\res\sound\vo_npc_zhouye2.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000649440 ____A [FBB9A5B907241BE7CA8A5C5151E0363D] () C:\ros\res\sound\vo_npc_zhouye3.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000580832 ____A [F2FEABF80F68C73956348600F4972331] () C:\ros\res\sound\vo_npc_zhouye4.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000325120 ____A [4859846DFD783B2C5AFF21EB67995FAD] () C:\ros\res\sound\vo_npc_zombie.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000121632 ____A [78DD05DB359CBF2F1057EFA4A733EDCF] () C:\ros\res\sound\vo_pc_zhongjiezhe.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000274496 ____A [7713532CD5D1FE8F9014C86F00768B13] () C:\ros\res\sound\vo_shouweitoumu.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000468224 ____A [37F797770FEAA9710F75F616E2D4B79A] () C:\ros\res\sound\vo_tongxunyuan3.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000121792 ____A [052EBE7665A1224CEE11EDE3930988D7] () C:\ros\res\sound\vo_tongxunyuan4.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000754624 ____A [ECE1506C1233F43A7D168DE0C2FB7723] () C:\ros\res\sound\vo_victor.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000910016 ____A [311FA764C3385D61F8675A74855111CA] () C:\ros\res\sound\vo_yindao.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 003752480 ____A [775DC37690966522AC04EB978C6D8A10] () C:\ros\res\sound\vo_yindao_dts.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000086144 ____A [845F069AB92BD321CEA58DAC02F810C5] () C:\ros\res\sound\wep_aa12.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000228448 ____A [938FE1034FB9C9A1FA450C494F2A9E35] () C:\ros\res\sound\wep_ak47.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000189440 ____A [348254FE565E2963540F158932FD039C] () C:\ros\res\sound\wep_ar15.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000128128 ____A [03F3AC61117746737AAFFA8135BCF9D3] () C:\ros\res\sound\wep_awm.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000079232 ____A [E16E1464C0C0CD39D7CB09AED6985743] () C:\ros\res\sound\wep_colt.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000056768 ____A [D77E39C89FA4F0F24863373D4DDD04B7] () C:\ros\res\sound\wep_g18c.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000183680 ____A [E32D0D637D05C7E24BED2BA5B901A820] () C:\ros\res\sound\wep_m14.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000046432 ____A [B560C9B30CCE2928B9EABC4F2261DC6E] () C:\ros\res\sound\wep_m1887.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000167872 ____A [3B630DC75ED5A9B65DA6FC88F1C1B492] () C:\ros\res\sound\wep_m249.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000176288 ____A [D2EE234A562B26D4E790617D92549CA2] () C:\ros\res\sound\wep_m4a1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000158016 ____A [CF556225383E942BE587FFC77661A5E1] () C:\ros\res\sound\wep_m82a1.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000044768 ____A [8CE33D240FF24B02F5130C56B6B40623] () C:\ros\res\sound\wep_m870.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000052032 ____A [BE09FE80164767DA893DF827B9F2D3D7] () C:\ros\res\sound\wep_m9.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000158880 ____A [7CFC4139EB6E334E2A0055D1FC5992AF] () C:\ros\res\sound\wep_mp7.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000176704 ____A [2D62070A5BE919F0D08500403E8E531B] () C:\ros\res\sound\wep_pp19.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000292832 ____A [942CA7DB4BC1CE0C1E8934032E580194] () C:\ros\res\sound\wep_thompson.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000024128 ____A [8B00B6B1611A8768EC3EE5D5E0F730E0] () C:\ros\res\sound\whoosh_action.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000012832 ____A [20A7AF8521E17F3E025BDE982B46F187] () C:\ros\res\sound\whoosh_bulet.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000011232 ____A [72E6D0676511E6D437B8E831D25F2305] () C:\ros\res\sound\whoosh_laser.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000193024 ____A [7AAC3C1118FE9CDF21539920B15E1DCA] () C:\ros\res\sound\wp_acr.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000187488 ____A [80BA00173DC2FDD7D0DF98785D3FBA5F] () C:\ros\res\sound\wp_an94.fsb
2018-02-21 20:15 - 2018-02-13 16:49 - 000196128 ____A [87F5525DB397B092ECABA71A7364363E] () C:\ros\res\sound\wp_aug.fsb
 
====== End of Folder: ======
 
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => removed successfully
"C:\Windows\SECOH-QAD.dll" => not found
"c:\windows\prefetch\kmspico_setup.tmp-0a6b3484.pf" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44745531 B
Java, Flash, Steam htmlcache => 35171064 B
Windows/system/drivers => 10057628 B
Edge => 50176 B
Chrome => 566860890 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 170984 B
systemprofile32 => 0 B
LocalService => 43234 B
NetworkService => 387976 B
PC => 896077793 B
 
RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-04-2018 16:41:20)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{520ED47D-5328-4022-8397-2F648FC091E4} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => could not remove. Access Denied.
 
==== End of Fixlog 16:41:20 ====


#9 garioch7


Posted 04 April 2018 - 12:51 PM

Leadless:
 
Thank you for your post. I removed the Manual Proxy settings and restored your computer to default Internet connectivity settings as a part of the FRST "fixlist" script.
 
OK, VirusTotal did reveal that you have a trojan downloader .ini file, so I will get rid of that, and then we will run some standard anti-malware scans to check for any more malware that might not have been detected by the FRST scan.
 
.
 
Step 1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.




Start::
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\InstallShield\Update\isuspm.ini
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{520ED47D-5328-4022-8397-2F648FC091E4}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Step 2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Step 3: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

Step 4: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 Leadless


Posted 05 April 2018 - 02:23 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC (05-04-2018 15:20:25) Run:2
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\InstallShield\Update\isuspm.ini
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{520ED47D-5328-4022-8397-2F648FC091E4}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\InstallShield\Update\isuspm.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{520ED47D-5328-4022-8397-2F648FC091E4} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => could not remove. Access Denied.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-04-2018 15:21:29)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{520ED47D-5328-4022-8397-2F648FC091E4} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => could not remove. Access Denied.
 
==== End of Fixlog 15:21:29 ====


#11 Leadless


Posted 05 April 2018 - 03:09 AM

C:\FRST\Quarantine\C\ProgramData\InstallShield\Update\isuspm.ini.xBAD JS/TrojanDownloader.Agent.RHX trojan cleaned by deleting
C:\Windows\System32\Tasks\Optimize Thumbnail Cache Files Win32/Runner.NCW trojan cleaned by deleting


#12 garioch7


Posted 05 April 2018 - 03:32 AM

Leadless:

Thank you for the FRST "fixlog.txt" results and also for the ESET scan results.

Awaiting the Malwarebytes and AdwCleaner scan results, when you have had a chance to run those scans.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 Leadless


Posted 05 April 2018 - 03:33 AM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/5/18
Scan Time: 4:15 PM
Log File: 7f00a406-38a9-11e8-ae70-e0d55e48cbbe.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4624
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: DESKTOP-9B2CIK5\PC
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 295168
Threats Detected: 16
Threats Quarantined: 16
Time Elapsed: 4 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 7
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\InstallShield® Update Service Scheduler, Quarantined, [3817], [261680],1.0.4624
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{40D17B5B-A31B-4B85-8907-AB3534598A96}, Quarantined, [3817], [261680],1.0.4624
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{40D17B5B-A31B-4B85-8907-AB3534598A96}, Quarantined, [3817], [261680],1.0.4624
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [3817], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FC6EE6D7-D812-4DA9-8FE4-535ADE9D916D}, Quarantined, [3817], [328819],1.0.4624
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FC6EE6D7-D812-4DA9-8FE4-535ADE9D916D}, Quarantined, [3817], [328819],1.0.4624
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Optimize Thumbnail Cache Files, Quarantined, [3817], [328819],1.0.4624
 
Registry Value: 8
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3817], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-4241098779-1380022037-623437125-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3817], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-4241098779-1380022037-623437125-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [3817], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3817], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3817], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3817], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{40D17B5B-A31B-4B85-8907-AB3534598A96}|PATH, Quarantined, [3817], [261682],1.0.4624
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FC6EE6D7-D812-4DA9-8FE4-535ADE9D916D}|PATH, Quarantined, [3817], [328818],1.0.4624
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Hijack.AutoConfigURL.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\InstallShield® Update Service Scheduler, Quarantined, [3817], [261680],1.0.4624
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#14 garioch7


Posted 05 April 2018 - 03:39 AM

Leadless:

Thank you for the Malwarebytes scan results. It went after some more bad proxy entries.

Awaiting the AdwCleaner scan results.

After that scan has run, and you have cleaned the unwanted entries, please reboot your computer and let me know how it is operating now. If there are still issues, please describe them in as much detail as possible, including any error codes or messages.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 Leadless


Posted 05 April 2018 - 03:44 AM

# AdwCleaner 7.0.8.0 - Logfile created on Thu Apr 05 08:38:24 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Tencent
Deleted: C:\ProgramData\Application Data\Tencent
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Deleted: C:\Users\All Users\Tencent
Deleted: C:\Users\PC\AppData\Roaming\Tencent
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D36A8180-F256-4A1D-BCCC-0F61A0675345}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{95D7F480-6A33-4F51-8186-A1351FADF986}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C4334719-89CD-4445-B6FA-A1144000D3A8}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9F1DDE7F-5E77-4037-BF93-9CBD649DFBBC}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{034ADF95-3EA5-428A-8AA4-E922BDC3F86D}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D953ED50-4D21-4556-8BC0-3BA3E498B478}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2347 B] - [2018/4/5 8:35:42]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########




