CrombieGuy146
-
Posts
14 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by CrombieGuy146
-
Here is the log requested. It is running great now. I couldn't have fixed this without your help (obviously). Thanks again! # DelFix v1.013 - Logfile created 03/09/2017 at 17:29:21 # Updated 17/04/2016 by Xplode # Username : Anthony's - ANTHONYS-PC # Operating System : Windows 10 Home (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\Anthony's\Desktop\mbar Deleted : C:\Users\Anthony's\Desktop\AdwCleaner.exe Deleted : C:\Users\Anthony's\Desktop\Fixlog.txt Deleted : C:\Users\Anthony's\Desktop\FRST64.exe Deleted : C:\Users\Anthony's\Desktop\JRT.exe ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #12 [Scheduled Checkpoint | 08/21/2017 00:41:38] Deleted : RP #14 [Revo Uninstaller Pro's restore point - SearchAwesome | 08/22/2017 01:45:14] Deleted : RP #16 [Revo Uninstaller Pro's restore point - SearchAwesome | 08/22/2017 01:46:16] Deleted : RP #18 [Revo Uninstaller Pro's restore point - SearchAwesome | 08/22/2017 01:47:09] Deleted : RP #20 [Revo Uninstaller's restore point - SearchAwesome | 08/22/2017 01:47:40] Deleted : RP #22 [Revo Uninstaller's restore point - SearchAwesome | 08/22/2017 01:48:15] Deleted : RP #24 [Reimage Repair Restore Point | 08/27/2017 13:50:00] Deleted : RP #27 [Removed AVG Driver Updater | 09/03/2017 15:11:32] Deleted : RP #28 [JRT Pre-Junkware Removal | 09/03/2017 16:47:28] Deleted : RP #30 [Restore Point Created by FRST | 09/03/2017 18:13:06] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
-
PM sent. Thanks again for the help. If the link doesn't work, let me know.
-
It is down to 85MB zipped. I thought it was getting close so I tried it again. this time it gave a different error letting me know the max size is 10MB. It appears I have a lot of deleting to do in order to get it down to size. Any suggestions? (Sorry this is taking so long)
-
Now its down to 261MB, but its still too large and won't upload. The largest file appears to be one located in C:\FRST\Quarantine\C\Users\Anthony's\AppData\Roaming\TotalAV named "vdf_1503781708" It is a zipped folder that is 176 MB.
-
The zipped file is now 282MB. When I try to upload it I get the same error saying its too large. Anything else I can delete to make it shrink down?
-
Here is the most recent log from FSRT Fixlog.txt
-
I just checked and the file must gave been too big to upload. It says "413 Request Entity Too Large." The quarantine file is 1.4 gigs unzipped and 800 meg zipped. Should I try something else?
-
When I went to delete the file that you mentioned above I could not find it. I was able to locate where it should be, but it was not in there (I even unchecked to hide some files just to make sure) Also, When I attempted to compress the other requested file it gave me an error. I had to turn off windows defender to allow me to compress it. I did submit the requested zipped file, but I'm not sure where the other file went (ntuserlitelist). Could windows defender have removed it by itself?
-
It seems to be running fine now. I'm able to run programs, including antivirus, with no problems. Here is the log from FSRT. I can't begin to thank you enough for all of your help. Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by Anthony's (03-09-2017 14:13:05) Run:4 Running from C:\Users\Anthony's\Desktop Loaded Profiles: Anthony's (Available Profiles: Anthony's & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: REG: REG DELETE "HKLM\Software\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" /f REG: REG DELETE "HKLM\Software\Wow6432Node\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" /f HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File Task: {DAED514D-7125-4181-8F1E-3381A5DCD073} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {1D9A6A3A-9A39-465C-8EB0-E790A96D1A86} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {3B47B45B-455B-4FC9-86C2-89E4BF99462F} - \5663639 -> No File <==== ATTENTION Task: {45884280-19D5-4839-8946-2B8F769FCF69} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {488CF377-B7BB-4286-A7AB-86A535038C1E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {4AB77F00-440F-424B-BAD8-EDC8CE854D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {7183B7EA-EF9B-4D4A-9EDE-A170629E89E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {71C1FB0E-693D-4605-9413-CA45CA64C2F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {75F66399-B315-4151-87C8-7047C2967E2A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {7767C981-682E-4292-AEBA-88038DAE62CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {7F0D8FCC-801B-475F-9121-6EBE8BB41F5E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {818F26BC-34D2-4222-BD0B-D419AC22A09D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {CAA02792-36C9-4531-9573-E9FF379867DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {DB03EB5E-CECF-4A3A-A7F9-9F18FB0A1785} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {E1FE4D07-EE21-49C7-A022-978218AAF278} - \8713397 -> No File <==== ATTENTION Task: {ED7CDC7D-30DA-4F60-9B46-4681E280051D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION HKLM\...\StartupApproved\Run: => "AvgUi" HKLM\...\StartupApproved\Run: => "AVGUI.exe" HKLM\...\StartupApproved\Run32: => "imepibw.exe" FirewallRules: [{024B9B1B-53BF-4F36-987C-96D8D2E31510}] => (Allow) C:\Program Files (x86)\Ostracized\tanager.exe C:\$AV_AVG C:\Program Files (x86)\AVG C:\ProgramData\Avg C:\Users\Anthony's\Downloads\Setup_serial_fxwWmFXyY9P0QmZd7guceA2_key_affid_1249_akey.exe C:\Users\Anthony's\AppData\Local\Avg C:\Users\Anthony's\AppData\Local\AVG Netherlands BV C:\Users\Anthony's\AppData\Local\AvgSetupLog C:\Users\Anthony's\AppData\Roaming\AVG C:\Users\Anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. ========= REG DELETE "HKLM\Software\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= REG DELETE "HKLM\Software\Wow6432Node\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" /f ========= The operation completed successfully. ========= End of Reg: ========= HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAED514D-7125-4181-8F1E-3381A5DCD073} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAED514D-7125-4181-8F1E-3381A5DCD073} => key removed successfully C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D9A6A3A-9A39-465C-8EB0-E790A96D1A86} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D9A6A3A-9A39-465C-8EB0-E790A96D1A86} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B47B45B-455B-4FC9-86C2-89E4BF99462F} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B47B45B-455B-4FC9-86C2-89E4BF99462F} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5663639 => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45884280-19D5-4839-8946-2B8F769FCF69} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45884280-19D5-4839-8946-2B8F769FCF69} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{488CF377-B7BB-4286-A7AB-86A535038C1E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{488CF377-B7BB-4286-A7AB-86A535038C1E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AB77F00-440F-424B-BAD8-EDC8CE854D42} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AB77F00-440F-424B-BAD8-EDC8CE854D42} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7183B7EA-EF9B-4D4A-9EDE-A170629E89E0} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7183B7EA-EF9B-4D4A-9EDE-A170629E89E0} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71C1FB0E-693D-4605-9413-CA45CA64C2F4} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71C1FB0E-693D-4605-9413-CA45CA64C2F4} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75F66399-B315-4151-87C8-7047C2967E2A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F66399-B315-4151-87C8-7047C2967E2A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7767C981-682E-4292-AEBA-88038DAE62CB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7767C981-682E-4292-AEBA-88038DAE62CB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F0D8FCC-801B-475F-9121-6EBE8BB41F5E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F0D8FCC-801B-475F-9121-6EBE8BB41F5E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{818F26BC-34D2-4222-BD0B-D419AC22A09D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{818F26BC-34D2-4222-BD0B-D419AC22A09D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAA02792-36C9-4531-9573-E9FF379867DA} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAA02792-36C9-4531-9573-E9FF379867DA} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB03EB5E-CECF-4A3A-A7F9-9F18FB0A1785} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB03EB5E-CECF-4A3A-A7F9-9F18FB0A1785} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1FE4D07-EE21-49C7-A022-978218AAF278} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1FE4D07-EE21-49C7-A022-978218AAF278} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8713397 => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED7CDC7D-30DA-4F60-9B46-4681E280051D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED7CDC7D-30DA-4F60-9B46-4681E280051D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvgUi => value removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AVGUI.exe => value removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVGUI.exe => value not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\imepibw.exe => value removed successfully HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\imepibw.exe => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{024B9B1B-53BF-4F36-987C-96D8D2E31510} => value removed successfully C:\$AV_AVG => moved successfully C:\Program Files (x86)\AVG => moved successfully C:\ProgramData\Avg => moved successfully C:\Users\Anthony's\Downloads\Setup_serial_fxwWmFXyY9P0QmZd7guceA2_key_affid_1249_akey.exe => moved successfully C:\Users\Anthony's\AppData\Local\Avg => moved successfully C:\Users\Anthony's\AppData\Local\AVG Netherlands BV => moved successfully C:\Users\Anthony's\AppData\Local\AvgSetupLog => moved successfully C:\Users\Anthony's\AppData\Roaming\AVG => moved successfully C:\Users\Anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 7364608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6351494 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 2899477 B Edge => 39971795 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 9022 B NetworkService => 0 B Anthony's => 5246131 B DefaultAppPool => 0 B RecycleBin => 0 B EmptyTemp: => 59 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 14:13:13 ====
-
Attached are both of the logs from FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 Ran by Anthony's (administrator) on ANTHONYS-PC (03-09-2017 13:04:46) Running from C:\Users\Anthony's\Desktop Loaded Profiles: Anthony's (Available Profiles: Anthony's & DefaultAppPool) Platform: Windows 10 Home Version 1703 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () C:\Program Files\Fanatec\Fanatec Wheel\FWPnpService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService64.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor) HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [373728 2015-07-20] () HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis) HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] () HKLM\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5319632 2015-07-23] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89960 2017-03-25] () HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.) HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-07-14] (Apple Inc.) HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-07-14] (Apple Inc.) HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\MountPoints2: {bc9bf85a-7208-11e6-9da8-305a3a007a76} - "L:\LaunchU3.exe" -a GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{97be7035-3eb8-4145-a2a2-120a1b9745d0}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{a9537128-efc0-4647-8774-37824a070a79}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{be98d2af-3a15-439d-883c-c4feaea33720}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default [2017-09-03] CHR Extension: (Google Slides) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-28] CHR Extension: (Google Docs) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-28] CHR Extension: (Google Drive) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-28] CHR Extension: (YouTube) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-28] CHR Extension: (Google Search) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28] CHR Extension: (Google Sheets) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-28] CHR Extension: (Google Docs Offline) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-28] CHR Extension: (Chrome Media Router) - C:\Users\Anthony's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-13] CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kincmhfambjnciidkendiplanfiiemgm] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-03-21] (Advanced Micro Devices) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed] R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122736 2017-03-25] (AOMEI Tech Co., Ltd.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-11-27] (EasyAntiCheat Ltd) R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 FWPnpService; C:\Program Files\Fanatec\Fanatec Wheel\FWPnpService.exe [235520 2015-11-20] () [File not signed] R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] () S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService64.exe [1128176 2017-07-31] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-02] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] () R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2016-03-27] (Advanced Micro Devices) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313824.inf_amd64_cff8240637965d03\atikmdag.sys [36560408 2017-05-04] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313824.inf_amd64_cff8240637965d03\atikmpag.sys [529936 2017-05-04] (Advanced Micro Devices, Inc.) R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] () S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2016-12-25] () S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [38320 2016-12-25] () R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] () R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices) R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [559080 2016-04-19] (Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] () R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [296736 2017-05-04] (Acronis International GmbH) R3 FWVirtualInputDevice; C:\WINDOWS\System32\drivers\FWVirtualInputDevice.sys [26192 2015-11-16] (Endor AG) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-03] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-03] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-03] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-03] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-03] (Malwarebytes) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () R1 SvThLSNS; c:\Program Files (x86)\SAVITECH\SVLoadSense\SvThLSNS.sys [15184 2015-06-11] (Windows (R) Win 7 DDK provider) R2 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [1058632 2017-05-04] (Acronis International GmbH) R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [248648 2017-05-04] (Acronis International GmbH) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-03 14:22 - 2017-09-03 13:04 - 000000000 ___DC C:\FRST 2017-09-03 13:04 - 2017-09-03 13:04 - 000015377 _____ C:\Users\Anthony's\Desktop\FRST.txt 2017-09-03 13:03 - 2017-09-02 17:56 - 002395648 _____ (Farbar) C:\Users\Anthony's\Desktop\FRST64.exe 2017-09-03 12:45 - 2017-09-03 12:45 - 000003546 _____ C:\Users\Anthony's\Desktop\New Text Document.txt 2017-09-03 12:42 - 2017-09-03 12:42 - 001790024 _____ (Malwarebytes) C:\Users\Anthony's\Desktop\JRT.exe 2017-09-03 12:41 - 2017-09-03 12:43 - 000000000 ___DC C:\AdwCleaner 2017-09-03 12:40 - 2017-09-03 12:40 - 008182736 _____ (Malwarebytes) C:\Users\Anthony's\Desktop\AdwCleaner.exe 2017-09-03 12:14 - 2017-09-03 12:14 - 000000000 __HDC C:\OneDriveTemp 2017-09-03 12:11 - 2017-09-03 12:11 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-09-03 12:10 - 2017-09-03 12:44 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-09-03 12:10 - 2017-09-03 12:44 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-09-03 12:10 - 2017-09-03 12:44 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-09-03 12:10 - 2017-09-03 12:10 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-03 12:10 - 2017-09-03 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-03 12:10 - 2017-09-03 12:10 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-03 12:10 - 2017-09-03 12:10 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-03 12:10 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-09-03 12:09 - 2017-09-03 12:10 - 066347240 _____ (Malwarebytes ) C:\Users\Anthony's\Desktop\mb3-setup-consumer-3.2.2.2018.exe 2017-09-03 10:52 - 2017-09-03 11:15 - 000000000 ____D C:\Users\Anthony's\Desktop\mbar 2017-09-03 10:52 - 2017-09-03 10:52 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Anthony's\Desktop\mbar-1.09.4.1001.exe 2017-09-03 10:43 - 2017-09-03 10:43 - 016563352 _____ (Malwarebytes Corp.) C:\explorer.exe 2017-09-03 10:41 - 2017-09-03 10:41 - 061819320 _____ (Malwarebytes ) C:\Users\Anthony's\Desktop\mbarw-setup-consumer-0.9.18.807.exe 2017-09-03 10:39 - 2017-09-03 10:39 - 000000000 ____D C:\Users\Anthony's\AppData\Local\NetworkTiles 2017-08-29 19:33 - 2017-08-29 19:33 - 012632016 _____ (McAfee, Inc.) C:\Users\Anthony's\Downloads\Setup_serial_fxwWmFXyY9P0QmZd7guceA2_key_affid_1249_akey.exe 2017-08-27 12:00 - 2017-08-27 12:00 - 000000000 ____D C:\Users\Anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter 2017-08-27 11:38 - 2017-08-27 11:38 - 000000000 ____C C:\autoexec.bat 2017-08-27 10:46 - 2017-08-27 10:54 - 000147844 _____ C:\WINDOWS\ntbtlog.txt 2017-08-27 10:19 - 2017-09-03 12:44 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-08-27 10:19 - 2017-09-03 11:06 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-08-27 10:18 - 2017-09-02 20:43 - 000000000 ____D C:\Users\Anthony's\Desktop\mmmm 2017-08-27 10:16 - 2017-09-03 12:48 - 000000559 _____ C:\Users\Anthony's\Desktop\JRT.txt 2017-08-26 21:17 - 2017-08-26 21:17 - 000000000 ____D C:\Users\Anthony's\AppData\Local\AVG Netherlands BV 2017-08-26 21:09 - 2017-09-03 11:10 - 000000000 ____D C:\Program Files (x86)\AVG 2017-08-26 21:02 - 2017-08-26 21:02 - 000658797 _____ (SQLite Development Team) C:\WINDOWS\sqlite3.dll 2017-08-26 21:02 - 2017-08-26 21:02 - 000000000 ____D C:\Users\Anthony's\AppData\Roaming\McAfee TechCheck 2017-08-26 15:36 - 2017-09-03 10:33 - 000000000 ____D C:\WINDOWS\pss 2017-08-26 15:36 - 2017-09-03 10:31 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-08-21 21:44 - 2017-08-21 21:44 - 000000000 ____D C:\ProgramData\VS Revo Group 2017-08-21 21:00 - 2017-08-21 21:00 - 000000000 __HDC C:\$AV_AVG 2017-08-21 20:58 - 2017-08-21 20:58 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini 2017-08-21 20:58 - 2017-08-21 20:58 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\TileDataLayer 2017-08-21 20:26 - 2017-08-21 20:26 - 000001291 _____ C:\Users\Anthony's\Desktop\Google Chrome.lnk 2017-08-15 23:40 - 2017-08-15 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2017-08-15 23:39 - 2017-08-15 23:39 - 000001396 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-08-15 23:39 - 2017-08-15 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-08-15 23:39 - 2017-08-15 23:39 - 000000000 ____D C:\Program Files\iPod 2017-08-13 20:33 - 2017-08-13 20:33 - 000002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trading Paints.lnk 2017-08-13 20:33 - 2017-08-13 20:33 - 000002188 _____ C:\Users\Public\Desktop\Trading Paints.lnk 2017-08-13 20:33 - 2017-08-13 20:33 - 000002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TP Updater.lnk 2017-08-13 20:33 - 2017-08-13 20:33 - 000000000 ____D C:\Program Files (x86)\Rhinode LLC 2017-08-09 22:25 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-08-09 22:25 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2017-08-09 22:25 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-08-09 22:25 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-08-09 22:25 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-08-09 22:25 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-08-09 22:25 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-08-09 22:25 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2017-08-09 22:25 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-08-09 22:25 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-08-09 22:25 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-08-09 22:25 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-08-09 22:25 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2017-08-09 22:25 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-08-09 22:25 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-08-09 22:25 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-08-09 22:25 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-08-09 22:25 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-08-09 22:25 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-08-09 22:25 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2017-08-09 22:25 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-08-09 22:25 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-08-09 22:25 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-08-09 22:25 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-08-09 22:25 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-08-09 22:25 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2017-08-09 22:25 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys 2017-08-09 22:25 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2017-08-09 22:25 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-08-09 22:25 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-08-09 22:25 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-08-09 22:25 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-08-09 22:25 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-08-09 22:25 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll 2017-08-09 22:25 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-08-09 22:25 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll 2017-08-09 22:25 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-08-09 22:25 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-08-09 22:25 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2017-08-09 22:25 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-08-09 22:25 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2017-08-09 22:25 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-08-09 22:25 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2017-08-09 22:25 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2017-08-09 22:25 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-08-09 22:25 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-08-09 22:25 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-08-09 22:25 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-08-09 22:25 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-08-09 22:25 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-08-09 22:25 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-08-09 22:25 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-08-09 22:25 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-08-09 22:25 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-08-09 22:25 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-08-09 22:25 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-08-09 22:25 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-08-09 22:25 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys 2017-08-09 22:25 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-08-09 22:25 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-08-09 22:25 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2017-08-09 22:25 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-08-09 22:25 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll 2017-08-09 22:25 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-08-09 22:25 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2017-08-09 22:25 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll 2017-08-09 22:25 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2017-08-09 22:25 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll 2017-08-09 22:25 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2017-08-09 22:25 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-08-09 22:25 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-08-09 22:25 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-08-09 22:25 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-08-09 22:25 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-08-09 22:25 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-08-09 22:25 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2017-08-09 22:25 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-08-09 22:25 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-08-09 22:25 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-08-09 22:25 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-08-09 22:25 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-08-09 22:25 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-08-09 22:25 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-08-09 22:25 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-08-09 22:25 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-08-09 22:25 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2017-08-09 22:25 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-08-09 22:25 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-08-09 22:25 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-08-09 22:25 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2017-08-09 22:25 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2017-08-09 22:25 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-08-09 22:25 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll 2017-08-09 22:25 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2017-08-09 22:25 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-08-09 22:25 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll 2017-08-09 22:25 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2017-08-09 22:25 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-08-09 22:25 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-08-09 22:25 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2017-08-09 22:25 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll 2017-08-09 22:25 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll 2017-08-09 22:25 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-08-09 22:25 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2017-08-09 22:25 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-08-09 22:25 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2017-08-09 22:25 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2017-08-09 22:25 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-08-09 22:25 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-08-09 22:25 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2017-08-09 22:25 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-08-09 22:25 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-08-09 22:25 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2017-08-09 22:25 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-08-09 22:25 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2017-08-09 22:25 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-08-09 22:25 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-08-09 22:25 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-08-09 22:25 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2017-08-09 22:25 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2017-08-09 22:25 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2017-08-09 22:25 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll 2017-08-09 22:25 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-08-09 22:25 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-08-09 22:25 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2017-08-09 22:25 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll 2017-08-09 22:25 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-08-09 22:25 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2017-08-09 22:25 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2017-08-09 22:25 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2017-08-09 22:25 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-08-09 22:25 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2017-08-09 22:25 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-08-09 22:25 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll 2017-08-09 22:25 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll 2017-08-09 22:25 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-08-09 22:25 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-08-09 22:25 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2017-08-09 22:25 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2017-08-09 22:25 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2017-08-09 22:25 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll 2017-08-09 22:25 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2017-08-09 22:25 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll 2017-08-09 22:25 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2017-08-09 22:25 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-08-09 22:25 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2017-08-09 22:25 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll 2017-08-09 22:25 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll 2017-08-09 22:25 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-08-09 22:25 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2017-08-09 22:25 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys 2017-08-09 22:25 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll 2017-08-09 22:25 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-08-09 22:25 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe 2017-08-09 22:25 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll 2017-08-09 22:25 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll 2017-08-09 22:25 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll 2017-08-09 22:25 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll 2017-08-09 22:25 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2017-08-09 22:25 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-08-09 22:25 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-08-09 22:25 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2017-08-09 22:25 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll 2017-08-09 22:25 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-08-09 22:25 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-08-09 22:25 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-08-09 22:25 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll 2017-08-09 22:25 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2017-08-09 22:25 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2017-08-09 22:25 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-08-09 22:25 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll 2017-08-09 22:25 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll 2017-08-09 22:25 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-08-09 22:25 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll 2017-08-09 22:25 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2017-08-09 22:25 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe 2017-08-09 22:25 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2017-08-09 22:25 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-08-09 22:25 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-08-09 22:25 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2017-08-09 22:25 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2017-08-09 22:25 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll 2017-08-09 22:25 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll 2017-08-09 22:25 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2017-08-09 22:25 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-08-09 22:25 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-08-09 22:25 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2017-08-09 22:25 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-08-09 22:25 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2017-08-09 22:25 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll 2017-08-09 22:25 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-08-09 22:25 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll 2017-08-09 22:25 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-08-09 22:25 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-08-09 22:25 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-08-09 22:25 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2017-08-09 22:25 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2017-08-09 22:25 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2017-08-09 22:25 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-08-09 22:25 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-08-09 22:25 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-08-09 22:25 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-08-09 22:25 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2017-08-09 22:25 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2017-08-09 22:25 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2017-08-09 22:25 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2017-08-09 22:25 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-08-09 22:25 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2017-08-09 22:25 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll 2017-08-09 22:25 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2017-08-09 22:25 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll 2017-08-09 22:25 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-08-09 22:25 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll 2017-08-09 22:25 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2017-08-09 22:25 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-08-09 22:25 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-08-09 22:25 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2017-08-09 22:25 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-08-09 22:25 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2017-08-09 22:25 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2017-08-09 22:25 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-08-09 22:25 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-08-09 22:25 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2017-08-09 22:25 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-08-09 22:25 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-08-09 22:25 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-08-09 22:25 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2017-08-09 22:25 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-08-09 22:25 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-08-09 22:25 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-08-09 22:25 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2017-08-09 22:25 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-08-09 22:25 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-08-09 22:25 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-08-09 22:25 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll 2017-08-09 22:25 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-08-09 22:25 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2017-08-09 22:25 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2017-08-09 22:25 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-08-09 22:25 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2017-08-09 22:25 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2017-08-09 22:25 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-08-09 22:25 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2017-08-09 22:25 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2017-08-09 22:25 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2017-08-09 22:25 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2017-08-09 22:25 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2017-08-09 22:25 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2017-08-09 22:25 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll 2017-08-09 22:25 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2017-08-09 22:25 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2017-08-09 22:25 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll 2017-08-09 22:25 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-08-09 22:25 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-08-09 22:25 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-08-09 22:25 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe 2017-08-09 22:25 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe 2017-08-09 22:25 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2017-08-09 22:25 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2017-08-09 22:25 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2017-08-09 22:25 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe 2017-08-09 22:25 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe 2017-08-09 22:25 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-03 12:49 - 2017-05-30 20:17 - 001686984 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-09-03 12:47 - 2016-03-14 21:14 - 000000000 ___RD C:\Users\Anthony's\OneDrive 2017-09-03 12:44 - 2017-05-30 20:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-03 12:44 - 2017-05-30 20:16 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-09-03 12:44 - 2017-05-04 21:51 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat 2017-09-03 12:44 - 2017-05-04 21:50 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper 2017-09-03 12:44 - 2017-03-18 07:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2017-09-03 12:14 - 2016-02-28 09:10 - 000000000 ____D C:\Users\Anthony's\AppData\Roaming\Raptr 2017-09-03 12:00 - 2017-03-18 07:40 - 019398656 _____ C:\WINDOWS\system32\config\HARDWARE 2017-09-03 11:57 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2017-09-03 11:48 - 2017-05-30 20:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-09-03 11:10 - 2016-03-11 12:03 - 000000000 ____D C:\Users\Anthony's\AppData\Roaming\AVG 2017-09-03 11:10 - 2016-03-11 11:59 - 000000000 ____D C:\ProgramData\Avg 2017-09-03 11:09 - 2016-03-11 11:59 - 000000000 ____D C:\Users\Anthony's\AppData\Local\AvgSetupLog 2017-09-03 11:05 - 2016-04-15 20:27 - 000000000 ____D C:\Users\Anthony's\AppData\LocalLow\Temp 2017-09-03 10:53 - 2017-05-30 20:17 - 000000000 ____D C:\Users\Anthony's 2017-09-03 10:43 - 2016-06-06 10:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-09-03 10:41 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-03 10:41 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-09-02 17:41 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-09-02 16:49 - 2017-07-26 20:45 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2064115843-3549032538-1161031408-1000 2017-09-02 16:49 - 2017-05-30 20:21 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-09-02 16:49 - 2017-05-30 20:21 - 000002698 _____ C:\WINDOWS\System32\Tasks\D3DGearRawFrameCaptureTask 2017-09-02 16:45 - 2016-03-14 21:12 - 000000000 ____D C:\Users\Anthony's\AppData\Local\Packages 2017-09-02 16:26 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF 2017-08-29 18:51 - 2016-02-28 08:53 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-29 18:51 - 2016-02-28 08:53 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-08-27 12:02 - 2016-04-15 16:04 - 000001272 _____ C:\Users\Anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings.lnk 2017-08-27 11:20 - 2017-02-26 11:35 - 000000000 ____D C:\Users\Anthony's\AppData\Local\ElevatedDiagnostics 2017-08-27 09:59 - 2016-02-28 08:58 - 000000000 ____D C:\Temp 2017-08-27 09:34 - 2017-05-30 20:17 - 000000000 ____D C:\Users\DefaultAppPool 2017-08-26 21:14 - 2017-05-29 22:13 - 000000000 ___DC C:\WINDOWS\Panther 2017-08-26 21:14 - 2017-03-18 07:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2017-08-26 17:03 - 2016-08-07 20:27 - 000000000 ___RD C:\Users\Anthony's\iCloudDrive 2017-08-21 21:06 - 2017-02-26 12:25 - 000000258 __RSH C:\ProgramData\ntuser.pol 2017-08-21 20:58 - 2016-03-11 11:59 - 000000000 ____D C:\Users\Anthony's\AppData\Local\Avg 2017-08-18 22:20 - 2016-03-15 10:58 - 000731688 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2017-08-17 16:26 - 2016-02-28 09:40 - 000544424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-08-16 22:28 - 2017-03-18 21:33 - 000000000 ____D C:\Users\Anthony's\Documents\iRacing 2017-08-13 21:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache 2017-08-13 20:55 - 2016-10-24 15:36 - 000000000 ____D C:\Users\Anthony's\AppData\Roaming\TradingPaints Downloader 2017-08-13 20:00 - 2016-02-13 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-08-10 00:07 - 2017-05-30 20:15 - 000217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-08-10 00:06 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-08-09 22:27 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-08-09 22:26 - 2016-02-28 09:51 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-08-09 22:26 - 2016-02-28 09:51 - 000000000 ____D C:\WINDOWS\system32\MRT ==================== Files in the root of some directories ======= 2017-03-31 09:44 - 2017-03-31 09:44 - 000004145 _____ () C:\ProgramData\cgbpfizu.hkv 2017-04-23 11:28 - 2017-05-09 10:37 - 000000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-09-03 11:48 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by Anthony's (03-09-2017 13:05:06) Running from C:\Users\Anthony's\Desktop Windows 10 Home Version 1703 (X64) (2017-05-31 00:22:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2064115843-3549032538-1161031408-500 - Administrator - Disabled) Anthony's (S-1-5-21-2064115843-3549032538-1161031408-1000 - Administrator - Enabled) => C:\Users\Anthony's DefaultAccount (S-1-5-21-2064115843-3549032538-1161031408-503 - Limited - Disabled) Guest (S-1-5-21-2064115843-3549032538-1161031408-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACP Application (HKLM\...\{FA7CE433-07BF-2F80-58E0-3C21B4C62A7F}) (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden Acronis True Image 2015 (HKLM-x32\...\{2E51FA82-585D-42B4-B465-A4160DAD4A26}) (Version: 18.0.4061 - Acronis) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.) AOMEI Partition Assistant Standard Edition 6.3 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.) Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.24.0 - Asmedia Technology) ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.) Asus Sonic Suite Plugins (HKLM-x32\...\{3c798a4a-1fb6-4557-9129-a66200b5b602}) (Version: 2.2.701 - ASUSTeKcomputer.Inc) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{3EBEDB29-55E2-566D-60DF-B1E3E19CF45A}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{0C9E31CC-5FF3-39A7-6366-9DB37D865546}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{7F0BB970-CBF2-839E-5281-167CAB9EB07F}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{54687239-A622-CE15-9C83-2525B4700324}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{BB46E03D-3E92-3CB3-FF3E-219110A0332C}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{73AAB847-E2FE-1090-A19E-912C63896A19}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{AF83A15E-3581-4430-2B8B-A64634CCB286}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{E74818D0-5034-B579-63CC-2C31EA179935}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{A7AA44BA-8F91-0959-FDCF-60C7B058D754}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{069D5C69-681E-8BD5-243E-E5849F1D184E}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{993286A0-E0F9-8B5E-C6B9-5FFADDA5E69F}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{9177BB9D-5C7E-471A-502F-8D6B221939D5}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{6C92E3FC-B576-11C9-2206-2A45B5059822}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{DA3D00B2-DBB2-5D44-D65D-E010FFBE6DA0}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{F350F056-8828-A715-E2EB-8666C7420B99}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{AF609EEA-30D0-27F0-F251-69C764087E29}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{590584C8-58D6-E988-E13F-E54FC50354E9}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{097BA659-9737-C7FF-DAD7-392F90287793}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{2C8A5F55-1CE7-13D6-2080-D68ACC6AE843}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{C9ACC58F-A71F-51FF-A462-E41D99EA0C8E}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{41314F5E-D270-001F-C2B6-02285701B9C6}) (Version: 2017.0502.1417.23881 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden CheckDevicesConfigurator (HKLM\...\{95A9E15D-F4A5-444E-9983-75750B69E306}) (Version: 2.2.701 - ASUSTeKcomputer.Inc) Hidden Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.42.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Fanatec Wheel (HKLM\...\{AA0C07E6-7803-405A-BBF3-DDE0FA2D9A23}) (Version: 8.23.1 - Endor AG Fanatec) Free FLV to MP4 Converter 1.0.28 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1141 - Intel Corporation) Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation) iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0613 - iRacing.com Motorsport Simulations) iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.) Jimmie Johnson Spotter Pack v6.60 (HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\Jimmie Johnson Spotter Pack v6.60) (Version: - ) Jimmie Johnson Spotter-Cuss Pack v6.60 (HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\Jimmie Johnson Spotter-Cuss Pack v6.60) (Version: - ) LauncherSetup (HKLM\...\{3685F359-0D53-487E-BBE6-ADCD15ED8053}) (Version: 2.2.701 - ASUSTeKcomputer.Inc) Hidden Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) NahimicSettingsConfigurator (HKLM\...\{9C0FFA8C-1B4B-44EB-9FAA-EFB40D539602}) (Version: 2.2.701 - ASUSTeKcomputer.Inc) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) ProductDaemonSetup (HKLM\...\{00AECBAF-927B-4EC3-BC62-5A10706EF9CE}) (Version: 2.2.701 - ASUSTeKcomputer.Inc) Hidden Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden Quik (HKLM-x32\...\{b15a4fb5-7637-45ca-b230-33d94af786a7}) (Version: 2.3.0.5383 - GoPro, Inc.) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.9-r122712-release - Raptr, Inc) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) SonicRadarSetup (HKLM\...\{9ACD0C3B-96B5-465C-8033-7DFED78F40CC}) (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden SonicStudioSetup (HKLM\...\{DBD2373F-FBEA-45B0-A43E-DCC0FB9CE8B8}) (Version: 2.2.701 - ASUSTeKcomputer.Inc) Hidden SVLoadSense (HKLM-x32\...\{C4226734-F925-448C-8F15-0D5419F003DF}) (Version: 1.0.10 - SAVITECH) Trading Paints (HKLM-x32\...\{8C7A090D-D081-4DC4-BA8B-18204E015DB0}) (Version: 1.4.4 - Rhinode LLC) Trading Paints (HKLM-x32\...\{DC5089FC-B422-44E8-8FDE-26D5A1F53614}) (Version: 2.0.9 - Rhinode LLC) VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.) ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-05-02] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02E185A9-1B66-4B84-9CAE-ED4845AFB7FE} - System32\Tasks\{169B9CFA-A7F5-4D3B-BCF4-B88D5F46F337} => C:\Windows\system32\pcalua.exe -a D:\EasyAntiCheat\EasyAntiCheat_Setup.exe -d D:\EasyAntiCheat -c install 36 Task: {0846535B-CDA9-4E72-9ADF-9533619954F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {09CED0DD-737C-4DBE-A530-D9D7663B99CF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {0E7144E8-C0CA-4745-8ED5-88808EE480DD} - System32\Tasks\EPSON XP-610 Series Update {CF72E48A-883E-4B00-96A1-64B9F9197469} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION) Task: {17E1C3BC-9E9B-4D4A-BDA4-1DCF2C710F66} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1AFCDAE3-C41F-47D2-845E-31DE4FEB9D76} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {1D9A6A3A-9A39-465C-8EB0-E790A96D1A86} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {1E1D1997-97D9-4934-A86F-EF1D51F1BB03} - System32\Tasks\{7632B2AD-521B-4B3D-8AC8-B4EBB64C592A} => C:\Windows\system32\pcalua.exe -a D:\msvc\vcredist_x86.exe -d D:\msvc Task: {29AEA6E2-AC35-48B4-B41A-954F360B0563} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {30D90238-AE27-4BAA-8CE1-B002F7E528DC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {31015D73-D03B-41DC-8AD0-AE9A3730B5F4} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-05-02] (Advanced Micro Devices, Inc.) Task: {333EC640-E1C4-4D16-8E58-C7B9EA0FC2CE} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab0fe8b6cf9b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.) Task: {334D1193-FA1B-4AD8-B558-284C9D1E0EB7} - System32\Tasks\SS2svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe [2015-07-20] () Task: {3590993E-6959-4A1E-AA46-4227086A0E21} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {3B47B45B-455B-4FC9-86C2-89E4BF99462F} - \5663639 -> No File <==== ATTENTION Task: {425B782D-BA38-43ED-AD2D-0D15C9136C9A} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [2015-07-20] () Task: {43D6FBA7-161F-4F66-9748-B9DBBABE403B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {45884280-19D5-4839-8946-2B8F769FCF69} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {488CF377-B7BB-4286-A7AB-86A535038C1E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {4AB77F00-440F-424B-BAD8-EDC8CE854D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {5F600572-9D68-4698-9A40-F5073667BE34} - System32\Tasks\EPSON XP-610 Series Invitation {CF72E48A-883E-4B00-96A1-64B9F9197469} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION) Task: {6184D183-3048-4F08-A642-D9A2508A5C22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-28] (Adobe Systems Incorporated) Task: {6368A106-9FBC-42F8-986F-E6C7286EDEB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {659E734B-F36A-4BE9-ABAC-5B5D75EA4763} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] () Task: {6D6E43A4-4FA1-4157-B031-619C75E38526} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6FFD26B3-4BF7-4A8F-9A1F-D05BC09F085C} - System32\Tasks\SS2svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe [2015-07-20] () Task: {70D9DAA3-2700-4CDB-8F5A-F28A78941893} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7183B7EA-EF9B-4D4A-9EDE-A170629E89E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {71C1FB0E-693D-4605-9413-CA45CA64C2F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {75F66399-B315-4151-87C8-7047C2967E2A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {7767C981-682E-4292-AEBA-88038DAE62CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {77683897-4B55-4E24-B324-B60B0EE9201D} - System32\Tasks\D3DGearRawFrameCaptureTask => D:\Program Files (x86)\iRacing\d3dGear.exe [2017-06-06] (D3DGear Technologies.) Task: {786C5D20-AA80-4FAD-A0EB-759DD935FB93} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {794913CB-518A-4F19-9869-B44AEDE638FA} - System32\Tasks\{6679FF98-0E3C-4890-98C9-16D09F78C840} => D:\iRacingService.exe Task: {79B3EC67-0D5C-4318-81E6-0572DE34F884} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.) Task: {7F0D8FCC-801B-475F-9121-6EBE8BB41F5E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {818D94C6-F2DA-4FB3-90D3-D452461D5DA1} - System32\Tasks\{A21D9C5A-CF1C-4E2C-9EBE-1A575954C40D} => C:\WINDOWS\system32\pcalua.exe -a D:\iTunes\iTunes.exe -d D:\iTunes Task: {818F26BC-34D2-4222-BD0B-D419AC22A09D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {830C49DE-7867-4539-9265-E015F70256C6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {A411E90D-07FC-4E40-885D-A1040F13DE7D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {B53BE09B-D6B9-4CE9-B57E-DD246FAC7E37} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BE5418CD-6F56-4E2F-8CF3-C246D019B7C2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {C1B56013-BC79-4028-BEC3-FF4125964B16} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {CAA02792-36C9-4531-9573-E9FF379867DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {CAAADEDB-3110-4058-9807-FF8303B004EE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D5D94535-6E94-4BD2-9A36-0AE342FE2F0A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab0fe8b0b443 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.) Task: {DAED514D-7125-4181-8F1E-3381A5DCD073} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {DB03EB5E-CECF-4A3A-A7F9-9F18FB0A1785} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {E1FE4D07-EE21-49C7-A022-978218AAF278} - \8713397 -> No File <==== ATTENTION Task: {E26508B0-BA60-42B9-A8A9-954B7028FCBF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E89D5CD9-C889-4931-867E-1744BF2ECACC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.) Task: {EC8078F6-B534-4AB4-A234-DCE3F136E6A8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {ED7CDC7D-30DA-4F60-9B46-4681E280051D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {EDE77329-76AC-4C78-8363-AD764CDCC22B} - System32\Tasks\{EBE8A03D-07D3-48B2-A430-C5C8AF1BDC67} => D:\iRacingService.exe Task: {EF4B1D8D-725D-46D1-8423-7FBA461F7839} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F0D33643-5F38-4F29-A803-3604E48B2577} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F1CDC794-9FA0-4984-8858-8BA21744749E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F6FD1FC2-14E0-4A95-9EA5-ABC2F23EA446} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CF72E48A-883E-4B00-96A1-64B9F9197469}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CF72E48A-883E-4B00-96A1-64B9F9197469}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{CF72E48A-883E-4B00-96A1-64B9F9197469} /F:UpdateWORKGROUP\ANTHONYS-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-05-08 02:26 - 2015-05-08 02:26 - 000936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe 2016-02-28 08:58 - 2014-04-24 02:29 - 001360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe 2015-11-20 17:44 - 2015-11-20 17:44 - 000235520 _____ () C:\Program Files\Fanatec\Fanatec Wheel\FWPnpService.exe 2017-09-03 12:10 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-08-26 15:02 - 2017-08-26 15:03 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-26 15:02 - 2017-08-26 15:03 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-26 15:02 - 2017-08-26 15:03 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-08-26 15:02 - 2017-08-26 15:03 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2016-02-28 08:57 - 2014-05-22 04:24 - 000096568 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll 2017-03-16 17:15 - 2017-03-16 17:15 - 000866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe 2017-03-16 17:15 - 2017-03-16 17:15 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe 2017-05-30 20:55 - 2017-05-30 20:55 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-08-26 15:03 - 2017-08-26 15:03 - 010600960 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-08-26 15:03 - 2017-08-26 15:03 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2017-08-26 15:02 - 2017-08-26 15:02 - 024502272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe 2017-08-26 15:02 - 2017-08-26 15:02 - 009145344 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\EntCommon.dll 2017-08-08 09:08 - 2017-08-08 09:08 - 003544488 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2016-02-28 08:58 - 2017-09-03 12:44 - 000042640 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll 2016-02-28 08:58 - 2015-05-08 02:26 - 000104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll 2017-05-04 21:51 - 2017-03-25 16:28 - 000954216 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000331632 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000253808 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000143208 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000360296 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000040808 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000081776 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000495472 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll 2017-05-04 21:51 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000089960 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000073584 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000298856 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000130920 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000171888 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll 2017-05-04 21:51 - 2017-03-25 16:28 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000266088 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll 2017-05-04 21:51 - 2017-03-25 16:27 - 000188264 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll 2015-06-02 05:18 - 2015-06-02 05:18 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-07-23 18:06 - 2015-07-23 18:06 - 000034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll 2015-07-23 18:13 - 2015-07-23 18:13 - 000420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2015-07-23 18:07 - 2015-07-23 18:07 - 000129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll 2014-09-09 11:00 - 2014-09-09 11:00 - 000023576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2017-09-03 12:13 - 000000850 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\Control Panel\Desktop\\Wallpaper -> c:\users\anthony's\desktop\2.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "AvgUi" HKLM\...\StartupApproved\Run: => "AVGUI.exe" HKLM\...\StartupApproved\Run32: => "SVLoadSense" HKLM\...\StartupApproved\Run32: => "USB3MON" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "PlaysTV" HKLM\...\StartupApproved\Run32: => "ABNotify" HKLM\...\StartupApproved\Run32: => "imepibw.exe" HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\StartupApproved\Run: => "iCloudDrive" HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\...\StartupApproved\Run: => "iCloudPhotos" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{4E0CF5A1-EB79-4620-9051-6D707DFBD2F2}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe FirewallRules: [{E233DE6D-7E8B-4311-82D3-A7848A8576D9}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe FirewallRules: [{EDC5AD98-D643-4247-8D4A-C17ECE544367}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe FirewallRules: [{47C0F99E-5AC8-47FC-A9C8-29C8A24F318D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe FirewallRules: [{4F85BF49-B48B-4B2B-A4B8-610230A145DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{B4377A2A-9728-4642-9BA9-68D076CF905C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{98BFAB7E-1D18-436B-B933-100F1D6F634D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{A489EFC6-CA0B-46C0-88EA-BC463FE8F82B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{CC90C327-FA91-4389-B0A3-17114E10A6CD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{28B8FB64-4FD7-470A-A0A2-C76AB8D54659}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{5A778C73-E559-461C-A94C-04BA3E0613EF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{EBC47AC1-EA29-419A-A503-0588D960EA02}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{22331517-BCBC-4F9C-8520-4384FF5B6CA2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{9FD54449-469D-42F5-B21D-5F568018B584}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{3B220F60-3ABA-4F38-9B1F-EE2B9AF25D2D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{F780B73D-2630-4229-943D-774BBCE2B072}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{C577D5AB-E44B-42FF-BA5B-442AE053DF7E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{239C8EEF-AFF3-4D94-A391-B899E3CE41CB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{D1598E45-B420-4E19-9132-F871271137D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A114C9AF-043B-4106-974B-14ABE16E060E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2ADDED9B-742A-4556-80C8-D659DD163DBB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C92B7D8F-C8AD-43F1-B6F3-DD8EDB1C882C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{66036DFB-0E84-43FF-AF73-195122486B36}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{AB7B878B-9CB0-4E53-9FE4-9E882FC12657}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{AFA8A05E-1D46-4764-B948-BC49A1F86F68}] => (Allow) D:\iTunes.exe FirewallRules: [{14164007-B7D5-470F-86D8-7A4D6CE01602}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{024B9B1B-53BF-4F36-987C-96D8D2E31510}] => (Allow) C:\Program Files (x86)\Ostracized\tanager.exe ==================== Restore Points ========================= 20-08-2017 20:41:38 Scheduled Checkpoint 21-08-2017 21:45:14 Revo Uninstaller Pro's restore point - SearchAwesome 21-08-2017 21:46:16 Revo Uninstaller Pro's restore point - SearchAwesome 21-08-2017 21:47:09 Revo Uninstaller Pro's restore point - SearchAwesome 21-08-2017 21:47:40 Revo Uninstaller's restore point - SearchAwesome 21-08-2017 21:48:15 Revo Uninstaller's restore point - SearchAwesome 27-08-2017 09:50:00 Reimage Repair Restore Point 03-09-2017 11:11:32 Removed AVG Driver Updater 03-09-2017 12:47:28 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/03/2017 01:04:12 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 01:04:03 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 01:01:02 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 01:00:52 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 01:00:41 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 12:56:23 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 12:55:07 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 12:50:43 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 12:49:11 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (09/03/2017 12:48:56 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error System errors: ============= Error: (09/03/2017 12:44:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (09/03/2017 12:44:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CldFlt service failed to start due to the following error: The request is not supported. Error: (09/03/2017 12:44:52 PM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI5 Error: (09/03/2017 12:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Acronis Sync Agent Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/03/2017 12:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/03/2017 12:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The GoPro Device Detection Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/03/2017 12:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iRacing.com Helper Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/03/2017 12:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Message Queuing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/03/2017 12:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The ASP.NET State Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (09/03/2017 12:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The EpsonCustomerResearchParticipation service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-09-03 12:50:38.732 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:48:55.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:48:51.442 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:48:51.327 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:46:09.342 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:45:19.692 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:45:19.575 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:41:42.436 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:40:22.885 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-09-03 12:14:47.465 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz Percentage of memory in use: 14% Total physical RAM: 16313.93 MB Available physical RAM: 13882.03 MB Total Virtual: 32697.93 MB Available Virtual: 30127.32 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:222.54 GB) (Free:143.17 GB) NTFS Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:400.39 GB) NTFS Drive f: (RECOVERY) (Removable) (Total:28.62 GB) (Free:23.14 GB) FAT32 Drive g: () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==>[system with boot components (obtained from drive)] Drive h: () (Fixed) (Total:55.8 GB) (Free:54.87 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 69C33729) Partition 1: (Active) - (Size=100 MB) - (Type=0B) Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6945C4A1) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 223.6 GB) (Disk ID: 10851603) Partition 1: (Active) - (Size=600 MB) - (Type=0B) Partition 2: (Not Active) - (Size=222.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 28.6 GB) (Disk ID: 24B6962C) Partition 1: (Active) - (Size=28.6 GB) - (Type=0C) ==================== End of Addition.txt ============================
-
Attached are the two logs that you requested. Again, I really appreciate your help with this. # AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 03 16:43:52 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Users\Default\AppData\Local\avg web tuneup Deleted: C:\Users\Default User\AppData\Local\avg web tuneup Deleted: C:\Program Files\Enigma Software Group Deleted: C:\Users\Anthony's\AppData\Roaming\Enigma Software Group Deleted: C:\Users\Anthony's\AppData\Local\slimware utilities inc Deleted: C:\Users\Anthony's\AppData\Local\SlimWare Utilities Inc ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.com Deleted: [Key] - HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\Software\APN PIP Deleted: [Key] - HKCU\Software\APN PIP Deleted: [Key] - HKLM\SOFTWARE\Reimage Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc Deleted: [Key] - HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\Software\SlimWare Utilities Inc Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [3656 B] - [2017/9/3 16:41:59] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 10 Home x64 Ran by Anthony's (Administrator) on Sun 09/03/2017 at 12:47:27.37 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 09/03/2017 at 12:48:37.18 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
The scan completed (way faster than I thought it was going to - hopefully I didn't miss a step). Below are the items copied from my clipboard. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/3/17 Scan Time: 12:12 PM Log File: a50e3d00-90c2-11e7-858d-305a3a007a76.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2718 License: Trial -System Information- OS: Windows 10 (Build 15063.540) CPU: x64 File System: NTFS User: ANTHONYS-PC\Anthony's -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 381774 Threats Detected: 91 Threats Quarantined: 91 Time Elapsed: 0 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 42 Adware.DotDo.DotPrx, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [8257], [-1],0.0.0 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1050], [327193],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Quarantined, [1050], [327197],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Quarantined, [1050], [327193],1.0.2718 PUP.Optional.Reimage, HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Quarantined, [1050], [327203],1.0.2718 PUP.Optional.RegHunter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegHunter, Quarantined, [954], [331721],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\22293190, Quarantined, [8257], [397745],1.0.2718 PUP.Optional.Reimage, HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\SOFTWARE\REIMAGE\PC REPAIR, Quarantined, [1050], [327204],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\5663639, Quarantined, [8257], [408186],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Quarantined, [1050], [327193],1.0.2718 PUP.Optional.SmartSystemCare, HKLM\SOFTWARE\ssc-pr, Quarantined, [1292], [370120],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\8713397, Quarantined, [8257], [408186],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ba2229319022293190, Quarantined, [8257], [409656],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE, Quarantined, [1050], [327200],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ba56636395663639, Quarantined, [8257], [397885],1.0.2718 PUP.Optional.Reimage, HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\SOFTWARE\Reimage, Quarantined, [1050], [357494],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ba87133978713397, Quarantined, [8257], [397885],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR, Quarantined, [1050], [332504],1.0.2718 PUP.Optional.SpyHunter, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0099D381-E358-4049-A0A1-B0FA9E0AC26B}, Quarantined, [927], [332366],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2A3C6203-FDC4-4497-83B4-D848C2D928D4}, Quarantined, [8257], [397773],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{93ACBFEE-AF38-40A7-9903-15EF3E2432EC}, Quarantined, [8257], [397773],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9752B6D5-4773-4EEB-B65E-98F3BC2842DA}, Quarantined, [8257], [407483],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AF33F356-BD7C-4883-BD6D-4DDC58037897}, Quarantined, [8257], [409657],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE, Quarantined, [1050], [327200],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Reimage Repair, Quarantined, [1050], [327201],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Quarantined, [1050], [336077],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1050], [332494],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1050], [332494],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Quarantined, [1050], [332494],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Quarantined, [1050], [327206],1.0.2718 Registry Value: 13 Adware.DotDo.DotPrx, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8257], [-1],0.0.0 Adware.DotDo.DotPrx, HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8257], [-1],0.0.0 Adware.DotDo.DotPrx, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8257], [-1],0.0.0 PUP.Optional.Reimage, HKU\S-1-5-21-2064115843-3549032538-1161031408-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Quarantined, [1050], [327204],1.0.2718 PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|WINDOWSFILEOPENER.DAT, Quarantined, [1316], [333218],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE|, Quarantined, [1050], [327200],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CFLPATH, Quarantined, [1050], [332504],1.0.2718 PUP.Optional.SpyHunter, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0099D381-E358-4049-A0A1-B0FA9E0AC26B}|PATH, Quarantined, [927], [332366],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2A3C6203-FDC4-4497-83B4-D848C2D928D4}|PATH, Quarantined, [8257], [397773],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{93ACBFEE-AF38-40A7-9903-15EF3E2432EC}|PATH, Quarantined, [8257], [397773],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9752B6D5-4773-4EEB-B65E-98F3BC2842DA}|PATH, Quarantined, [8257], [407483],1.0.2718 Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AF33F356-BD7C-4883-BD6D-4DDC58037897}|PATH, Quarantined, [8257], [409657],1.0.2718 PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE|, Quarantined, [1050], [327200],1.0.2718 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\locales, Quarantined, [1366], [431044],1.0.2718 File: 35 Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\22293190, Quarantined, [8257], [410000],1.0.2718 Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\5663639, Quarantined, [8257], [408951],1.0.2718 Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\8713397, Quarantined, [8257], [408951],1.0.2718 Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\ba2229319022293190, Quarantined, [8257], [409999],1.0.2718 Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\ba56636395663639, Quarantined, [8257], [397772],1.0.2718 Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\ba87133978713397, Quarantined, [8257], [397772],1.0.2718 Adware.Yelloader, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\imepibw\cef.pak, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\locales\en-US.pak, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\locales\zh-CN.pak, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\cef_100_percent.pak, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\cef_200_percent.pak, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\cef_extensions.pak, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\icudtl.dat, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\imepibw.exe, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\libcef.dll, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\libEGL.dll, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\libGLESv2.dll, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\natives_blob.bin, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\snapshot_blob.bin, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\vgapcjd.exe, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\widevinecdm.dll, Quarantined, [1366], [431044],1.0.2718 Adware.Yelloader, C:\Windows\System32\config\systemprofile\AppData\Local\imepibw\widevinecdmadapter.dll, Quarantined, [1366], [431044],1.0.2718 PUP.Optional.RegHunter, C:\USERS\ANTHONY'S\APPDATA\ROAMING\ENIGMA SOFTWARE GROUP\RH_INSTALLER.EXE, Quarantined, [954], [331721],1.0.2718 PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [2796], [352008],1.0.2718 PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [2796], [352008],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2718 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365175],1.0.2718 Physical Sector: 0 (No malicious items detected) (end)
-
Aura, Thank you so much for taking the time to help me with this. I ran FRST from the recovery environment and attached the log. Fixlog.txt
-
Hello, Somehow I ended up with the "Requested Resource in use" error and cannot get rid of it. I can't run Malwarebytes and when I tried the anti-rootkit version it says the DDA driver can't load; even after a reboot. I created a bootable Windows 10 thumb drive to get to the recovery environment and ran FRST. I attached the log to see if anybody could help me get rid of this virus/trojan/rootkit/whatever it is. Thank you so much for any help you are able to provide. FRST.txt