ShiroTada

  1. Btw Aura, I believe I have the "sysWOW64" virus on my pc as well.
  2. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017 Ran by Color (30-06-2017 19:34:58) Running from C:\Users\Color\Downloads Windows 10 Home Version 1703 (X64) (2017-05-25 05:17:58) Boot Mode: Normal
(x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{FBDF7C6E-EF59-4D3B-8493-DFF60D606617}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{F0FED92C-E85F-4D5E-A2D9-D60A22AF29A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [TCP Query User{59645E3C-3127-4EA0-9F05-BE031E5FBC0F}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe FirewallRules: [UDP Query User{077F1BD0-D979-4850-861E-7D5A787F1BFF}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe FirewallRules: [{10404186-1C92-429E-B697-4DC7B4472525}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe FirewallRules: [{FF1AE514-278E-4CBA-A931-B6F41F32859E}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe ==================== Restore Points ========================= 29-06-2017 10:19:44 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/30/2017 06:29:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAKK-SPC02) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/30/2017 02:01:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAKK-SPC02) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (06/30/2017 01:54:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAKK-SPC02)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142
See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/30/2017 01:05:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAKK-SPC02)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142
See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/29/2017 11:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.297.0.1521, time stamp: 0x5952bffe
Faulting module name: RobloxPlayerBeta.exe, version: 0.297.0.1521, time stamp: 0x5952bffe
Exception code: 0xc0000409
Fault offset: 0x009a602c
Faulting process id: 0x2830
Faulting application start time: 0x01d2f15a31058332
Faulting application path: C:\Users\Color\AppData\Local\Roblox\Versions\version-fc39a4c10c8d4c27\RobloxPlayerBeta.exe
Faulting module path: C:\Users\Color\AppData\Local\Roblox\Versions\version-fc39a4c10c8d4c27\RobloxPlayerBeta.exe
Report Id: d3eda2a0-68dc-4ad8-879f-2c19c3cb08d5
Faulting package full name:
Faulting package-relative application ID:
Error: (06/29/2017 09:24:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAKK-SPC02)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927142
See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/29/2017 09:23:17 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/29/2017 09:10:55 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet
Error: (06/28/2017 08:53:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ZAKK-SPC02)
Description: Package Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (06/28/2017 08:27:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAKK-SPC02)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142
See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (06/30/2017 07:07:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/30/2017 06:30:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/30/2017 05:11:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/30/2017 05:10:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/30/2017 02:01:24 AM) (Source: DCOM) (EventID: 10010) (User: ZAKK-SPC02)
Description: The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
Error: (06/30/2017 01:54:25 AM) (Source: DCOM) (EventID: 10010) (User: ZAKK-SPC02)
Description: The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
Error: (06/30/2017 12:13:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/29/2017 10:22:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (06/29/2017 09:26:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (06/29/2017 09:22:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

CodeIntegrity:
===================================
Date: 2017-06-28 22:33:03.276
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-06-28 22:32:21.993
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-06-28 22:31:51.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-06-28 22:31:18.689
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-06-28 22:31:18.178
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-06-28 14:01:49.166
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-06-28 14:00:46.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-06-28 14:00:15.904 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-06-28 14:00:15.781 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-06-28 13:58:22.445 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz Percentage of memory in use: 71% Total physical RAM: 8134.4 MB Available physical RAM: 2352.51 MB Total Virtual: 16071.54 MB Available Virtual: 7384.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.06 GB) (Free:477.93 GB) NTFS Drive d: (Tablet_CD) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT. 
==================== End of Addition.txt ============================ and Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017 Ran by Color (administrator) on ZAKK-SPC02 (30-06-2017 19:24:53) Running from C:\Users\Color\Downloads Loaded Profiles: Color & (Available Profiles: lulrn & Dallin & Color & Administrator) Platform: Windows 10 Home Version 1703 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) 
C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Hammer & Chisel, Inc.) C:\Users\Administrator\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Administrator\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Administrator\AppData\Local\Discord\app-0.0.297\Discord.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Bohemia Interactive) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\bcastdvr.exe (BattlEye Innovations) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3battleye.exe () C:\Program Files (x86)\Common Files\BattlEye\BEService.exe (Bohemia Interactive) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3_x64.exe (Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Farbar) C:\Users\Color\Downloads\FRST64 (3).exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKU\S-1-5-21-2347271913-121742815-75832369-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06302017133346047\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation) HKU\S-1-5-21-2347271913-121742815-75832369-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06302017162049929\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 
2017-03-18] (Microsoft Corporation) HKU\S-1-5-21-2347271913-121742815-75832369-1007-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06302017133346477\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation) HKU\S-1-5-21-2347271913-121742815-75832369-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06302017162052227\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation) HKU\S-1-5-21-2347271913-121742815-75832369-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06302017133347034\...\Run: [Discord] => C:\Users\Administrator\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-2347271913-121742815-75832369-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06302017162053077\...\Run: [Discord] => C:\Users\Administrator\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) SSODL: EldosMountNotificator-cbfs6 - {5A1CF1CF-E160-4CF3-A6B5-6BFCE7CF1663} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.) SSODL-x32: EldosMountNotificator-cbfs6 - {5A1CF1CF-E160-4CF3-A6B5-6BFCE7CF1663} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.) 
ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () 
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {08DC6C43-0B0D-4FEA-8836-9750CC38672F} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.) ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] 
(hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {08DC6C43-0B0D-4FEA-8836-9750CC38672F} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Discord.lnk [2017-05-21] ShortcutTarget: Discord.lnk -> C:\Users\Color\AppData\Local\Discord\Update1.exe (No File) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\osu!.lnk [2017-05-17] ShortcutTarget: osu!.lnk -> C:\Users\Color\AppData\Local\osu!\osu!.exe (No File) Startup: C:\Users\zakar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegisterFont.exe - Shortcut.lnk [2017-03-14] ShortcutTarget: RegisterFont.exe - Shortcut.lnk -> C:\Users\Color\Desktop\Fonts\RegisterFont.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 Tcpip\..\Interfaces\{377df595-146d-4629-9674-68042888210e}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-2347271913-121742815-75832369-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06302017133346047\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=sk2b&ocid=sk2bdhp&osmkt=en-us HKU\S-1-5-21-2347271913-121742815-75832369-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06302017162049929\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=sk2b&ocid=sk2bdhp&osmkt=en-us HKU\S-1-5-21-2347271913-121742815-75832369-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-06302017133347034\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp HKU\S-1-5-21-2347271913-121742815-75832369-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06302017162053077\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-2347271913-121742815-75832369-1009 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2347271913-121742815-75832369-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06302017162052599 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-25] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program 
Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-25] (Oracle Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.) 
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Color\AppData\Local\Google\Chrome\User Data\Default [2017-06-30]
CHR Extension: (Google Drive) - C:\Users\Color\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-29]
CHR Extension: (YouTube) - C:\Users\Color\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Color\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-29]
CHR Extension: (Gmail) - C:\Users\Color\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Color\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-06-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [675272 2017-05-31] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6100; C:\WINDOWS\System32\drivers\A6100.sys [5004560 2016-02-17] (Realtek Semiconductor Corporation )
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [401896 2017-06-30] ()
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-30] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl35e4e379; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C4BB6BDF-7D83-415E-BCF3-4D388B34029C}\MpKsl35e4e379.sys [44928 2017-06-28] (Microsoft Corporation)
R1 MpKsledcaed62; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{382AFD59-9282-48A7-8D44-CD748B3B9380}\MpKsledcaed62.sys [44928 2017-06-30] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [122512 2017-04-28] (Wacom Technology) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-06-10] (Wellbia.com Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-30 19:24 - 2017-06-30 19:28 - 00021287 _____ C:\Users\Color\Downloads\FRST.txt 2017-06-30 19:23 - 2017-06-30 19:24 - 02440704 _____ (Farbar) C:\Users\Color\Downloads\FRST64 (3).exe 2017-06-29 00:48 - 2017-06-29 22:16 - 00000000 ____D C:\Users\Color\Documents\Arma 3 - Other Profiles 2017-06-29 00:04 - 2017-06-30 19:26 - 00000000 ____D C:\Users\Color\AppData\Local\Arma 3 2017-06-29 00:04 - 2017-06-29 00:53 - 00000000 ____D C:\Users\Color\Documents\Arma 3 2017-06-29 00:04 - 2017-06-29 00:04 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2017-06-28 14:12 - 2017-06-28 22:49 - 00000000 ____D C:\ProgramData\Package Cache 2017-06-28 14:07 - 2017-06-28 14:07 - 00000000 ____D C:\Users\Color\Documents\Fruitbat Factory 2017-06-28 11:37 - 2017-06-28 11:39 - 00000000 ____D C:\Users\Color\AppData\Local\Roblox 2017-06-28 09:36 - 2017-06-28 09:36 - 00000000 ___HD C:\$SysReset 2017-06-28 09:35 - 2017-06-28 09:35 - 00000000 ____D C:\WINDOWS\Panther 2017-06-28 09:11 - 2017-06-30 16:30 - 00000000 ____D C:\Users\Color\AppData\Local\Arma 3 Launcher 2017-06-28 09:11 - 2017-06-28 09:11 - 00000000 ____D C:\Users\Color\AppData\Local\Bohemia_Interactive 2017-06-28 06:14 - 2017-06-28 
07:06 - 00000258 __RSH C:\ProgramData\ntuser.pol 2017-06-28 02:43 - 2017-06-30 00:31 - 00000000 ____D C:\Users\Color\Desktop\Random 2017-06-28 02:42 - 2017-06-28 02:42 - 00000000 ____D C:\Users\Color\Desktop\SAI 2017-06-28 02:28 - 2017-06-30 17:01 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-06-28 02:28 - 2017-06-30 00:49 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-06-28 02:28 - 2017-06-30 00:49 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-06-28 02:28 - 2017-06-28 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-28 02:28 - 2017-06-28 02:28 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-28 02:28 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-06-27 22:12 - 2017-06-30 00:49 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2017-06-26 11:54 - 2017-06-30 00:49 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-06-26 11:54 - 2017-06-28 02:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-06-25 23:00 - 2017-06-30 19:24 - 00000000 ____D C:\FRST 2017-06-23 22:43 - 2017-06-23 22:43 - 00000000 ____D C:\Users\Color\Documents\Adobe Scripts 2017-06-23 19:25 - 2017-06-28 18:36 - 00000000 ____D C:\Users\Color\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-06-22 23:45 - 2017-06-22 23:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet 2017-06-22 21:04 - 2017-06-22 21:04 - 00000000 ____D C:\Users\Color\AppData\Roaming\com.mcleodgaming.ssf2 2017-06-18 16:30 - 2017-06-18 16:30 - 00000000 ____D C:\Users\Color\AppData\Roaming\.mono 2017-06-17 16:27 - 2017-06-17 16:27 - 00000000 ____D C:\Users\Color\AppData\Local\ElevatedDiagnostics 2017-06-17 16:10 - 2017-06-17 16:10 - 00003066 _____ C:\WINDOWS\System32\Tasks\CMPCUAC 2017-06-17 16:10 - 2017-06-17 16:10 - 00000000 ____D 
C:\ProgramData\MacPaw Inc 2017-06-17 16:10 - 2017-06-17 16:10 - 00000000 ____D C:\ProgramData\MacPaw 2017-06-17 15:10 - 2017-06-17 15:10 - 00000000 ____D C:\Users\Color\Documents\Rockstar Games 2017-06-17 15:10 - 2017-06-17 15:10 - 00000000 ____D C:\Users\Color\AppData\Local\Rockstar Games 2017-06-13 16:19 - 2017-06-03 03:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-06-13 16:19 - 2017-06-03 03:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-06-13 16:19 - 2017-06-03 03:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2017-06-13 16:19 - 2017-06-03 03:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-06-13 16:19 - 2017-06-03 03:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-06-13 16:19 - 2017-06-03 03:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-06-13 16:19 - 2017-06-03 03:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-06-13 16:19 - 2017-06-03 03:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-06-13 16:19 - 2017-06-03 03:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-06-13 16:19 - 2017-06-03 03:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2017-06-13 16:19 - 2017-06-03 03:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-06-13 16:19 - 2017-06-03 03:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2017-06-13 16:19 - 2017-06-03 03:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll 2017-06-13 16:19 - 2017-06-03 03:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-06-13 16:19 - 2017-06-03 02:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 
2017-06-13 16:19 - 2017-06-03 02:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-06-13 16:19 - 2017-06-03 02:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-06-13 16:19 - 2017-06-03 02:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-06-13 16:19 - 2017-06-03 02:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-06-13 16:19 - 2017-06-03 02:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-06-13 16:19 - 2017-06-03 02:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-06-13 16:19 - 2017-06-03 02:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-06-13 16:19 - 2017-06-03 02:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2017-06-13 16:19 - 2017-06-03 02:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-06-13 16:18 - 2017-06-03 04:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-06-13 16:18 - 2017-06-03 04:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-06-13 16:18 - 2017-06-03 04:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2017-06-13 16:18 - 2017-06-03 04:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-06-13 16:18 - 2017-06-03 04:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-06-13 16:18 - 2017-06-03 04:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2017-06-13 16:18 - 2017-06-03 04:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-06-13 16:18 - 2017-06-03 04:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-06-13 16:18 - 2017-06-03 04:08 - 02969880 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\CoreUIComponents.dll 2017-06-13 16:18 - 2017-06-03 04:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-06-13 16:18 - 2017-06-03 04:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-06-13 16:18 - 2017-06-03 04:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-06-13 16:18 - 2017-06-03 04:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-06-13 16:18 - 2017-06-03 04:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-06-13 16:18 - 2017-06-03 04:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll 2017-06-13 16:18 - 2017-06-03 04:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2017-06-13 16:18 - 2017-06-03 03:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-06-13 16:18 - 2017-06-03 03:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-06-13 16:18 - 2017-06-03 03:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-06-13 16:18 - 2017-06-03 03:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2017-06-13 16:18 - 2017-06-03 03:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-06-13 16:18 - 2017-06-03 03:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-06-13 16:18 - 2017-06-03 03:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-06-13 16:18 - 2017-06-03 03:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-06-13 16:18 - 2017-06-03 03:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-06-13 16:18 - 2017-06-03 03:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll 2017-06-13 
16:18 - 2017-06-03 03:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2017-06-13 16:18 - 2017-06-03 03:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-06-13 16:18 - 2017-06-03 03:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll 2017-06-13 16:18 - 2017-06-03 03:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2017-06-13 16:18 - 2017-06-03 03:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2017-06-13 16:18 - 2017-06-03 03:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-06-13 16:18 - 2017-06-03 03:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2017-06-13 16:18 - 2017-06-03 03:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-06-13 16:18 - 2017-06-03 03:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-06-13 16:18 - 2017-06-03 03:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-06-13 16:18 - 2017-06-03 03:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-06-13 16:18 - 2017-06-03 03:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe 2017-06-13 16:18 - 2017-06-03 03:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll 2017-06-13 16:18 - 2017-06-03 03:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll 2017-06-13 16:18 - 2017-06-03 03:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-06-13 16:18 - 2017-06-03 03:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-06-13 16:18 - 2017-06-03 03:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2017-06-13 16:18 - 2017-06-03 03:07 - 00721920 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-06-13 16:18 - 2017-06-03 03:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe 2017-06-13 16:18 - 2017-06-03 03:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-06-13 16:18 - 2017-06-03 03:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-06-13 16:18 - 2017-06-03 03:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-06-13 16:18 - 2017-06-03 03:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-06-13 16:18 - 2017-06-03 03:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-06-13 16:18 - 2017-06-03 03:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll 2017-06-13 16:18 - 2017-06-03 03:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-06-13 16:18 - 2017-06-03 03:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-06-13 16:18 - 2017-06-03 03:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-06-13 16:18 - 2017-06-03 03:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-06-13 16:18 - 2017-06-03 03:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-06-13 16:18 - 2017-06-03 03:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-06-13 16:18 - 2017-06-03 03:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-06-13 16:18 - 2017-06-03 03:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2017-06-13 16:18 - 2017-06-03 03:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-06-13 16:18 - 2017-06-03 03:00 - 00933376 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SearchIndexer.exe 2017-06-13 16:18 - 2017-06-03 03:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-06-13 16:18 - 2017-06-03 02:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-06-13 16:18 - 2017-06-03 02:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-06-13 16:18 - 2017-06-03 02:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-06-13 16:18 - 2017-06-03 02:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-06-13 16:18 - 2017-06-03 02:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-06-13 16:18 - 2017-06-03 02:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2017-06-13 16:18 - 2017-06-03 02:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2017-06-13 16:18 - 2017-06-03 02:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-06-13 16:18 - 2017-06-03 02:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-06-13 16:18 - 2017-06-03 02:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2017-06-13 16:18 - 2017-06-03 02:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-06-13 16:18 - 2017-06-03 02:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-06-13 16:18 - 2017-06-03 02:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2017-06-13 16:18 - 2017-06-03 02:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-06-13 16:18 - 2017-06-03 02:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-06-13 16:18 - 2017-06-03 02:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2017-06-13 16:18 - 2017-06-03 02:57 - 00797184 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\SearchIndexer.exe 2017-06-13 16:18 - 2017-06-03 02:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-06-13 16:18 - 2017-06-03 02:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-06-13 16:18 - 2017-06-03 02:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe 2017-06-11 22:59 - 2017-06-11 22:59 - 00000000 ____D C:\Users\Color\AppData\LocalLow\Unity 2017-06-10 16:01 - 2017-06-10 16:01 - 00037344 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys 2017-06-10 15:57 - 2017-06-18 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword 2017-06-08 15:10 - 2017-06-08 15:10 - 00001043 _____ C:\Users\Color\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk 2017-06-08 08:42 - 2017-06-08 09:33 - 00000000 ____D C:\Users\Color\AppData\Roaming\Skype 2017-06-08 08:42 - 2017-06-08 08:42 - 00000000 ____D C:\Users\Color\Tracing 2017-06-07 18:20 - 2017-06-07 18:20 - 00000000 ____D C:\Users\Color\Documents\SYSTEMAX Software Development 2017-06-03 17:33 - 2017-06-29 22:30 - 00000240 _____ C:\Users\Color\Documents\ClownfishVoiceChanger.ini 2017-06-01 21:40 - 2017-06-28 11:38 - 00000000 ____D C:\Users\Color\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-06-01 21:40 - 2017-06-11 22:59 - 00000246 _____ C:\Users\Color\AppData\LocalLow\rbxcsettings.rbx 2017-06-01 19:45 - 2017-06-25 03:24 - 00000000 ____D C:\Users\Color\AppData\Roaming\Audacity 2017-06-01 19:45 - 2017-06-01 19:45 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2017-06-01 19:34 - 2017-06-01 19:36 - 28941304 _____ C:\Users\Color\Downloads\Ultimate_Audio_Spectrum_V2.zip 2017-06-01 19:28 - 2017-06-02 01:39 - 00000000 ____D C:\Users\Color\Documents\Adobe 2017-06-01 19:26 - 2017-06-01 19:26 - 00000000 ____D C:\Users\Color\AppData\Roaming\Macromedia 2017-06-01 18:42 - 2017-06-01 18:42 - 00000000 ____D 
C:\Users\Color\AppData\Roaming\Publish Providers 2017-06-01 18:41 - 2017-06-01 18:46 - 00000000 ____D C:\Users\Color\AppData\Roaming\Sony 2017-06-01 18:41 - 2017-06-01 18:41 - 00000000 ____D C:\Users\Color\AppData\Local\Sony 2017-06-01 18:28 - 2017-06-01 18:28 - 00000000 ____D C:\Users\Color\AppData\LocalLow\Adobe 2017-06-01 18:26 - 2017-06-01 18:26 - 00000000 ____D C:\Users\Color\AppData\Local\Tempzxpsign8d01a281786ca80e 2017-06-01 18:21 - 2017-06-01 18:21 - 00000000 ____D C:\Users\Color\AppData\Local\Tempzxpsign6e755c6554e0659f 2017-06-01 18:21 - 2017-06-01 18:21 - 00000000 ____D C:\Users\Color\AppData\Local\Tempzxpsign279f3f1e62200ca4 2017-06-01 18:20 - 2017-06-01 18:20 - 00000000 ____D C:\Users\Color\AppData\Roaming\PDAppFlex 2017-06-01 18:20 - 2017-06-01 18:20 - 00000000 ____D C:\Users\Color\AppData\Local\Tempzxpsignd834c58c462240e8 2017-06-01 18:20 - 2017-06-01 18:20 - 00000000 ____D C:\Users\Color\AppData\Local\Tempzxpsign5fcf4b17b1d54187 2017-06-01 18:19 - 2017-06-29 02:00 - 00000000 ____D C:\Users\Color\AppData\Local\Adobe 2017-06-01 18:19 - 2017-06-01 18:19 - 00003614 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-ZAKK-SPC02-Color 2017-06-01 14:43 - 2017-06-01 14:44 - 00000000 ____D C:\Users\Color\AppData\Local\paint.net 2017-06-01 14:36 - 2017-06-01 14:36 - 00000000 ____D C:\Users\Color\AppData\Roaming\Apple Computer 2017-06-01 14:35 - 2017-06-23 21:50 - 00000000 ____D C:\Users\Color\AppData\Roaming\obs-studio 2017-06-01 02:48 - 2017-06-01 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-06-01 02:48 - 2017-05-01 14:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-06-01 02:47 - 2017-05-19 18:07 - 00521816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-06-01 02:47 - 2017-05-19 18:07 - 00427608 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2017-05-31 19:20 - 2017-05-31 19:20 - 00000000 ____D C:\Users\Color\AppData\Roaming\TownOfSalem 2017-05-31 19:17 - 
2017-05-31 19:17 - 00000000 ____D C:\Users\Color\AppData\Local\Steam ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-30 18:41 - 2017-05-29 00:56 - 00000000 ____D C:\Users\Color\AppData\Roaming\.minecraft 2017-06-30 17:44 - 2017-05-29 00:54 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F0441B1-361F-4506-BBA5-929E47A24EEF} 2017-06-30 17:15 - 2016-04-26 18:48 - 00000000 ____D C:\Program Files (x86)\Steam 2017-06-30 17:14 - 2017-05-17 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\osu! 2017-06-30 16:08 - 2017-05-24 22:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-30 01:07 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-30 00:59 - 2017-03-18 15:03 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-30 00:14 - 2017-05-29 00:36 - 00000000 ____D C:\Users\Color\AppData\Roaming\Adobe 2017-06-29 21:54 - 2017-05-30 16:39 - 00000000 ____D C:\Users\Color\Documents\Sound recordings 2017-06-29 10:22 - 2016-09-21 22:34 - 00000000 ____D C:\ProgramData\NVIDIA 2017-06-29 09:28 - 2017-05-24 23:02 - 01391930 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-06-29 09:22 - 2017-05-29 00:38 - 00000000 ____D C:\Users\Color\AppData\Local\TSVNCache 2017-06-29 09:22 - 2017-05-29 00:36 - 00000000 ____D C:\Users\Color 2017-06-29 09:22 - 2017-05-24 23:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-29 09:21 - 2017-03-18 05:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI 2017-06-29 09:20 - 2017-05-22 20:51 - 00000000 ____D C:\AdwCleaner 2017-06-29 08:58 - 2017-05-22 20:25 - 00000000 ____D C:\Users\Color\Desktop\ImportantFiles 2017-06-28 22:47 - 2017-03-18 15:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-06-28 14:21 - 2017-05-29 00:37 - 00000000 ____D C:\Users\Color\AppData\Local\Google 2017-06-28 14:14 - 2017-03-18 15:01 - 00000000 ____D C:\WINDOWS\INF 2017-06-28 13:26 - 2016-04-26 15:56 - 
00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-06-28 11:38 - 2017-05-25 18:52 - 00000000 ____D C:\Users\Color\Desktop\Game 2017-06-28 09:44 - 2017-05-29 00:36 - 00000000 ____D C:\Users\Color\AppData\Local\Packages 2017-06-28 09:23 - 2017-05-28 00:13 - 00000000 ____D C:\WINDOWS\Minidump 2017-06-28 09:23 - 2017-05-19 17:50 - 00000000 ____D C:\ESD 2017-06-28 09:20 - 2016-09-20 16:58 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-06-28 06:15 - 2017-05-18 18:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\kqwqo 2017-06-28 06:15 - 2017-05-18 18:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\duaoy 2017-06-28 02:44 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-06-28 02:40 - 2017-05-19 18:34 - 00000000 ____D C:\PaintToolSAI 2017-06-28 02:28 - 2017-05-22 21:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-27 22:09 - 2017-03-18 20:30 - 00000000 ____D C:\WINDOWS\OCR 2017-06-26 21:07 - 2017-03-18 14:51 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-26 13:44 - 2017-05-29 00:54 - 00000000 ____D C:\Users\Color\AppData\Roaming\discord 2017-06-25 12:39 - 2017-05-24 23:11 - 00029415 _____ C:\WINDOWS\diagwrn.xml 2017-06-25 12:39 - 2017-05-24 23:11 - 00020958 _____ C:\WINDOWS\diagerr.xml 2017-06-25 11:55 - 2017-05-28 22:40 - 00000000 ____D C:\Program Files (x86)\Image-Line 2017-06-24 19:19 - 2016-04-26 15:57 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-24 19:13 - 2016-04-26 15:57 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-23 23:19 - 2017-05-29 15:40 - 00000000 ____D C:\Users\Color\AppData\Roaming\Notepad++ 2017-06-23 16:44 - 2016-06-30 11:38 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk 2017-06-23 16:44 - 2016-06-30 11:38 - 00000000 ____D C:\Windows10Upgrade 2017-06-23 16:39 - 2017-05-24 22:39 - 05133176 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-06-22 23:44 - 2017-05-29 00:36 - 00000000 
____D C:\Users\Color\AppData\Roaming\WTablet 2017-06-22 23:44 - 2017-05-24 17:27 - 00000000 ____D C:\Program Files\Tablet 2017-06-22 20:38 - 2017-05-30 17:24 - 00000000 ____D C:\Users\Color\AppData\Roaming\HandBrake 2017-06-22 14:00 - 2017-05-29 00:43 - 00000000 ___RD C:\Users\Color\OneDrive 2017-06-19 01:18 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\rescache 2017-06-18 18:46 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-06-17 17:18 - 2016-04-26 16:10 - 00000000 ____D C:\Program Files (x86)\Minecraft 2017-06-17 15:58 - 2016-04-27 00:39 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-17 15:52 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-06-17 15:52 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-06-17 15:29 - 2016-07-13 07:20 - 00000000 ____D C:\Program Files\Rockstar Games 2017-06-17 15:29 - 2016-07-13 07:20 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2017-06-06 17:17 - 2017-05-25 18:52 - 00000000 ____D C:\Users\Color\Desktop\Server 2017-06-05 20:17 - 2017-05-25 00:35 - 00000000 ____D C:\Windows.old 2017-06-03 00:32 - 2017-03-18 15:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-03 00:32 - 2017-03-18 15:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-01 19:45 - 2017-01-07 00:12 - 00000000 ____D C:\Program Files (x86)\Audacity 2017-06-01 18:41 - 2017-05-29 00:37 - 00000000 ____D C:\Users\Color\AppData\Local\VirtualStore 2017-06-01 18:19 - 2017-05-29 00:57 - 00000000 ____D C:\Users\Color\AppData\Roaming\NVIDIA 2017-06-01 14:59 - 2017-01-08 14:01 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2017-06-01 14:59 - 2017-01-08 14:01 - 00000000 ____D C:\Program Files\paint.net 2017-06-01 02:48 - 2017-05-24 22:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-06-01 02:48 - 2017-05-24 22:42 - 00000000 ____D C:\Program Files\NVIDIA Corporation 
2017-05-31 11:38 - 2017-05-24 17:28 - 02275784 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll 2017-05-31 11:38 - 2017-05-24 17:28 - 02268616 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll 2017-05-31 11:38 - 2017-05-24 17:28 - 02174408 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll 2017-05-31 11:38 - 2017-05-24 17:28 - 02112456 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll 2017-05-31 11:38 - 2017-05-24 17:28 - 01788360 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll 2017-05-31 11:38 - 2017-05-24 17:28 - 01781704 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll 2017-05-31 11:38 - 2017-05-24 17:28 - 01673160 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll 2017-05-31 11:38 - 2017-05-24 17:28 - 01632712 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll 2017-05-31 00:42 - 2016-04-26 15:59 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2017-05-20 16:08 - 2017-05-20 16:08 - 0047703 _____ () C:\ProgramData\agent.1495318076.bdinstall.bin 2017-05-20 17:18 - 2017-05-20 17:18 - 0029139 _____ () C:\ProgramData\agent.1495322284.bdinstall.bin 2017-05-24 22:42 - 2017-05-24 22:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== 2017-06-10 16:01 - 2017-06-10 16:01 - 0000093 _____ () C:\Users\Color\AppData\Local\Temp\3629bd450b487861893ae1d38f06aab9.dll 2017-06-10 23:00 - 2017-06-10 23:00 - 0019968 ____N (Red Hat®, Inc.) 
C:\Users\Color\AppData\Local\Temp\jansi-64-8324772469584822779.dll
2017-06-22 23:41 - 2017-06-22 23:41 - 78496904 _____ () C:\Users\Color\AppData\Local\Temp\Setup-Wacom.exe
2017-01-16 21:03 - 2017-01-16 21:03 - 0008728 _____ () C:\Users\zakar\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-01-07 00:47 - 2016-04-26 15:37 - 0246808 _____ (BlueStack Systems) C:\Users\zakar\AppData\Local\Temp\HD-Logger-Native.dll
2017-01-07 00:47 - 2016-04-26 15:39 - 0128536 _____ (BlueStack Systems) C:\Users\zakar\AppData\Local\Temp\HD-ShortcutHandler.dll
2017-01-18 23:36 - 2017-01-18 23:36 - 0739904 _____ (Oracle Corporation) C:\Users\zakar\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-07 17:51 - 2017-05-07 17:51 - 0739904 _____ (Oracle Corporation) C:\Users\zakar\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-05-07 14:33 - 2017-05-07 14:34 - 76913680 _____ () C:\Users\zakar\AppData\Local\Temp\mpa05772.exe
2017-01-27 22:56 - 2017-01-27 23:50 - 0097900 _____ () C:\Users\zakar\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-05-07 14:34 - 2017-05-07 15:22 - 76913680 _____ () C:\Users\zakar\AppData\Local\Temp\Setup-Wacom.exe
2017-05-07 14:16 - 2017-05-07 14:17 - 57547224 _____ (Skype Technologies S.A.) C:\Users\zakar\AppData\Local\Temp\SkypeSetup.exe
2017-01-07 00:47 - 2016-04-26 04:11 - 0552472 _____ (BlueStack Systems, Inc.)
C:\Users\zakar\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-29 04:37

==================== End of FRST.txt ============================
  3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.3 (04.10.2017)
     Operating System: Windows 10 Home x64
     Ran by Color (Administrator) on Thu 06/29/2017 at 10:19:19.98
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     File System: 0
     Registry: 0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Thu 06/29/2017 at 10:26:08.20
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. # AdwCleaner v6.047 - Logfile created 29/06/2017 at 09:20:26
     # Updated on 19/05/2017 by Malwarebytes
     # Database : 2017-06-28.2 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : Color - ZAKK-SPC02
     # Running from : C:\Users\Color\Downloads\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****
     [-] Folder deleted: C:\Users\Administrator\AppData\Local\llssoft
     [-] Folder deleted: C:\Program Files\CleanMyPC
     [#] Folder deleted on reboot: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\llssoft

     ***** [ Files ] *****

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****
     [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Dataup
     [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\windowsmanagementservice
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\dataup
     [-] Key deleted: HKU\.DEFAULT\Software\CleanMyPC
     [#] Key deleted on reboot: HKU\S-1-5-18\Software\CleanMyPC
     [-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
     [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik

     ***** [ Web browsers ] *****
     [-] [C:\Users\Color\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iinglghmhcgdgjjlafobajghjamdchik
     [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
     [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

     *************************
     :: "Tracing" keys deleted
     :: Winsock settings cleared
     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [6867 Bytes] - [22/05/2017 20:57:31]
     C:\AdwCleaner\AdwCleaner[C2].txt - [2160 Bytes] - [22/05/2017 21:03:39]
     C:\AdwCleaner\AdwCleaner[C3].txt - [2176 Bytes] - [22/05/2017 21:09:12]
     C:\AdwCleaner\AdwCleaner[C4].txt - [2053 Bytes] - [29/06/2017 09:20:26]
     C:\AdwCleaner\AdwCleaner[S0].txt - [6702 Bytes] - [22/05/2017 20:55:20]
     C:\AdwCleaner\AdwCleaner[S1].txt - [2360 Bytes] - [22/05/2017 21:03:19]
     C:\AdwCleaner\AdwCleaner[S2].txt - [2180 Bytes] - [22/05/2017 21:08:32]
     C:\AdwCleaner\AdwCleaner[S3].txt - [2711 Bytes] - [29/06/2017 09:00:41]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2418 Bytes] ##########
  5. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/28/17
     Scan Time: 7:28 PM
     Log File:
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.141
     Update Package Version: 1.0.2251
     License: Trial

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: ZAKK-SPC02\Color

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 685668
     Threats Detected: 0 (No malicious items detected)
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 1 hr, 33 min, 2 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)

     (end)
  6. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/28/17
     Scan Time: 6:29 PM
     Log File:
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.141
     Update Package Version: 1.0.2251
     License: Trial

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: ZAKK-SPC02\Color

     -Scan Summary-
     Scan Type: Hyper Scan
     Result: Completed
     Objects Scanned: 2451
     Threats Detected: 0 (No malicious items detected)
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 0 min, 41 sec

     -Scan Options-
     Memory: Enabled
     Startup: Disabled
     Filesystem: Disabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Disabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)

     (end)

     I did a full scan earlier, and it didn't give me an area to get a report..
  7. It finished "removing" everything but didn't get me a log..
  8. Sure thing, but it'll prob shock you the results. (I did three scans for the "three checkmarks" things.) (Sending Malwarebytes Anti-Malware log soon) mbar-log-2017-06-27 (22-03-38).txt mbar-log-2017-06-27 (22-13-11).txt mbar-log-2017-06-27 (22-14-36).txt
  9. MBAR deleted the services and not the system but uh.. the second one. (on the mbar "checklist") it then let me open Malwarebytes Anti-malware.
  10. Aura, I left MBAR on without starting anything. I noticed I have over 4k different malware, and that is an issue. Though I have also noticed that it constantly and always goes to 'Not Responding' afterwards.

      The Guy with Malware: ShiroTada

      **UPDATE: I managed to get MalwareBytes Anti-Malware (Latest Vers.) working.**
  11. Ok, just so you know. I think one of the malware hasn't allowed me to factory reset or reset in general.
  12. Aura, I ran MBAR again. It got 2444. It then proceeded to do the "Not Responding" error.
  13. I'm not able to run MBAR via mbar.cmd. I will try to leave MBAR as the only on product and see if it works.
  14. Aura, I can not run MBAR because of the "Requested Resource is in use" glitch, and when I did every now and then, it would complete and go Not Responding.