Karu Posted September 14, 2016 ID:1061891 Share Posted September 14, 2016 So.. I just now started getting links and pop ups in Chrome. I have MalwareBytes on so it's been blocking them. Here are the FRST and Addition logs. Attached screenshots of what happens in Chrome. Thank you for all your help --- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016 Ran by ryuse (administrator) on DESKTOP-1GGCVMD (14-09-2016 17:33:45) Running from C:\Users\ryuse\Downloads Loaded Profiles: ryuse (Available Profiles: ryuse) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe (Hammer & Chisel, Inc.) C:\Users\ryuse\AppData\Local\Discord\app-0.0.296\Discord.exe (Hammer & Chisel, Inc.) C:\Users\ryuse\AppData\Local\Discord\app-0.0.296\Discord.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hammer & Chisel, Inc.) C:\Users\ryuse\AppData\Local\Discord\app-0.0.296\Discord.exe (Droplr) C:\Program Files\Droplr\Droplr.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (The CefSharp Authors) C:\Program Files\Droplr\CefSharp.BrowserSubprocess.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe (Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe (Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (SYSTEMAX Software Development Inc.) C:\PaintToolSAI\sai.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-07-26] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15853176 2016-08-03] (Logitech Inc.) HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1161240 2016-05-22] (Highresolution Enterprises) HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2916160 2015-09-21] (Corsair Components, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25347616 2016-09-12] (Dropbox, Inc.) HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Run: [Discord] => C:\Users\ryuse\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Run: [Droplr] => C:\Program Files\Droplr\Droplr.exe [747520 2016-08-10] (Droplr) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Run: [GoogleChromeAutoLaunch_03DCC2075AA3EDC6B53EB588755C9451] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1152840 2016-08-02] (Google Inc.) HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\RunOnce: [Uninstall C:\Users\ryuse\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ryuse\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] () ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-07-25] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-07-25] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\ryuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2016-07-25] ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{2d77b947-a2b9-4b5c-a806-bb0ba9c449a8}: [DhcpNameServer] 75.75.75.75 75.75.76.76 ManualProxies: Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-25] (Microsoft Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-07-25] (LastPass) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-25] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-07-25] (LastPass) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-07-25] (LastPass) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-07-25] (LastPass) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\ryuse\AppData\Roaming\Mozilla\Firefox\Profiles\yquj36dj.default FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-07-25] (LastPass) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-07-26] () FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-07-25] (LastPass) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-25] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro PDF) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF user.js: detected! => C:\Users\ryuse\AppData\Roaming\Mozilla\Firefox\Profiles\yquj36dj.default\user.js [2016-07-28] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Extension: (All Aboard) - C:\Users\ryuse\AppData\Roaming\Mozilla\Firefox\Profiles\yquj36dj.default\Extensions\@all-aboard-v1 [2016-07-25] FF Extension: (Firefox Hotfix) - C:\Users\ryuse\AppData\Roaming\Mozilla\Firefox\Profiles\yquj36dj.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14] FF Extension: (LastPass) - C:\Users\ryuse\AppData\Roaming\Mozilla\Firefox\Profiles\yquj36dj.default\Extensions\support@lastpass.com [2016-09-14] FF Extension: (DownThemAll!) - C:\Users\ryuse\AppData\Roaming\Mozilla\Firefox\Profiles\yquj36dj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-14] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-31] Chrome: ======= CHR HomePage: Default -> chrome-internal: CHR StartupUrls: Default -> "hxxp://pjj.cc/sri" CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-25] CHR Extension: (BetterTTV) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-25] CHR Extension: (Google Docs) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-25] CHR Extension: (Google Drive) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-25] CHR Extension: (Destiny Item Manager) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2016-09-11] CHR Extension: (Sexy Undo Close Tab) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2016-09-04] CHR Extension: (Dark Skin for Youtube™) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2016-09-10] CHR Extension: (GPXPlus Notifier) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikgbcleglmoiiadddnnmmcekkfkhkdo [2016-07-25] CHR Extension: (YouTube) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-25] CHR Extension: (uBlock Origin) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-29] CHR Extension: (Tampermonkey) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-08] CHR Extension: (Net Carb Recipe Calculator by KetoRecipes.com) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\diclaffmhpnmbfppleejadnangafkngh [2016-07-25] CHR Extension: (ProShow Web) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dildgliippfpbcinioeneaghbdbbdglo [2016-07-25] CHR Extension: (Adobe Acrobat) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-08] CHR Extension: (SimpleUndoClose) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhohdghchmjepmigjojkehidlielknj [2016-07-26] CHR Extension: (DarkBook - Dark Facebook™ Theme) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbhajnljmhgbaeecpfcgbcbkmjkeejnd [2016-09-09] CHR Extension: (Flix Plus by Lifehacker) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2016-08-15] CHR Extension: (Google Sheets) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-25] CHR Extension: (Neopets SDB Enhanced) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fneefihgecbpnkhpoimbhnobkbcfopdc [2016-07-25] CHR Extension: (Google Docs Offline) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-25] CHR Extension: (LastPass: Free Password Manager) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-26] CHR Extension: (Vector Paint) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo [2016-07-25] CHR Extension: (New XKit) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2016-07-25] CHR Extension: (Dropbox) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-07-25] CHR Extension: (FRQc - Flash Render Quality changer) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklnclajhlcbghmgkljidaofhcnmjffo [2016-07-25] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-30] CHR Extension: (Bookmark Checker) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2016-07-25] CHR Extension: (Harmony) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbibdblnnlapclckbdennhlbcnkkgcn [2016-07-25] CHR Extension: (Poppit!) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-07-25] CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-07-25] CHR Extension: (Flashcontrol) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-07-25] CHR Extension: (Google Mail Checker) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-07-25] CHR Extension: (deviantART muro) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2016-07-25] CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2016-09-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-25] CHR Extension: (Personal Blocklist (by Google)) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2016-07-25] CHR Extension: (Tumblr Savior) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2016-08-29] CHR Extension: (Checker Plus for Gmail™) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-09-08] CHR Extension: (ScriptSafe) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-07-25] CHR Extension: (Sinuous) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2016-07-25] CHR Extension: (MyFitnessPal Macro Percentages) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbleaijncdeibcohojngcbgeiphgohee [2016-07-25] CHR Extension: (Psykopaint) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2016-07-25] CHR Extension: (Gmail) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-25] CHR Extension: (Chrome Media Router) - C:\Users\ryuse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-549413429-2965258956-636684776-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980040 2016-09-01] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-28] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-28] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-12] (Windows (R) Win 7 DDK provider) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-03] (Logitech Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation) S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [742864 2016-03-21] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 GameKB; C:\Windows\system32\drivers\GameKB.sys [31232 2013-10-15] ( ) S3 LenovoYMouse; C:\Windows\system32\drivers\LenovoYMouse.sys [32776 2015-06-17] ( ) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-14] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation) R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [102864 2016-03-02] (Wacom Technology) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-14 17:33 - 2016-09-14 17:34 - 00035838 _____ C:\Users\ryuse\Downloads\FRST.txt 2016-09-14 17:33 - 2016-09-14 17:33 - 02398720 _____ (Farbar) C:\Users\ryuse\Downloads\FRST64.exe 2016-09-14 17:33 - 2016-09-14 17:33 - 00000000 ____D C:\FRST 2016-09-14 16:54 - 2016-09-14 16:55 - 00000000 ____D C:\Program Files\CCleaner 2016-09-14 16:54 - 2016-09-14 16:54 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-09-14 16:54 - 2016-09-14 16:54 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-09-14 16:54 - 2016-09-14 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-09-14 16:49 - 2016-09-14 16:54 - 08243736 _____ (Piriform Ltd) C:\Users\ryuse\Downloads\ccsetup522pro.exe 2016-09-14 16:47 - 2016-09-14 16:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-14 16:47 - 2016-09-14 16:47 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-14 16:47 - 2016-09-14 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-14 16:47 - 2016-09-14 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-09-14 16:47 - 2016-09-14 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-14 16:47 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-09-14 16:47 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-09-14 16:47 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-09-14 16:46 - 2016-09-14 16:47 - 22851472 _____ (Malwarebytes ) C:\Users\ryuse\Downloads\mbam-setup-web.NT-2.2.1.1043.exe 2016-09-14 15:08 - 2016-09-14 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-09-14 15:07 - 2016-09-14 15:07 - 00000000 ___HD C:\OneDriveTemp 2016-09-14 06:10 - 2016-09-14 06:10 - 01880064 _____ C:\Users\ryuse\Desktop\Isaac1.sai 2016-09-14 06:10 - 2016-09-14 06:10 - 00802816 _____ C:\Users\ryuse\Desktop\Isaac2.sai 2016-09-14 01:34 - 2016-09-14 01:34 - 00521976 _____ C:\Users\ryuse\Downloads\KrisDnD2.pdf 2016-09-13 20:13 - 2016-09-13 20:13 - 67867636 _____ C:\Users\ryuse\Downloads\PHB 3.5.pdf 2016-09-13 20:00 - 2016-09-13 22:03 - 00521889 _____ C:\Users\ryuse\Desktop\KrisDnD.pdf 2016-09-13 19:36 - 2016-09-07 00:49 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-09-13 19:36 - 2016-09-07 00:43 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-09-13 19:36 - 2016-09-07 00:41 - 00303968 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-09-13 19:36 - 2016-09-07 00:34 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-09-13 19:36 - 2016-09-07 00:34 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-09-13 19:36 - 2016-09-07 00:33 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-09-13 19:36 - 2016-09-07 00:24 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-09-13 19:36 - 2016-09-07 00:18 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-09-13 19:36 - 2016-09-07 00:17 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-09-13 19:36 - 2016-09-07 00:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll 2016-09-13 19:36 - 2016-09-07 00:03 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll 2016-09-13 19:36 - 2016-09-07 00:03 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll 2016-09-13 19:36 - 2016-09-07 00:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll 2016-09-13 19:36 - 2016-09-07 00:02 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-09-13 19:36 - 2016-09-07 00:02 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-09-13 19:36 - 2016-09-07 00:02 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll 2016-09-13 19:36 - 2016-09-07 00:02 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll 2016-09-13 19:36 - 2016-09-07 00:01 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll 2016-09-13 19:36 - 2016-09-07 00:00 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-09-13 19:36 - 2016-09-07 00:00 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2016-09-13 19:36 - 2016-09-07 00:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2016-09-13 19:36 - 2016-09-06 23:59 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2016-09-13 19:36 - 2016-09-06 23:59 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-09-13 19:36 - 2016-09-06 23:59 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2016-09-13 19:36 - 2016-09-06 23:59 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll 2016-09-13 19:36 - 2016-09-06 23:59 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll 2016-09-13 19:36 - 2016-09-06 23:58 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-09-13 19:36 - 2016-09-06 23:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-09-13 19:36 - 2016-09-06 23:58 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-09-13 19:36 - 2016-09-06 23:58 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll 2016-09-13 19:36 - 2016-09-06 23:57 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2016-09-13 19:36 - 2016-09-06 23:56 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2016-09-13 19:36 - 2016-09-06 23:56 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-09-13 19:36 - 2016-09-06 23:56 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll 2016-09-13 19:36 - 2016-09-06 23:56 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2016-09-13 19:36 - 2016-09-06 23:56 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2016-09-13 19:36 - 2016-09-06 23:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll 2016-09-13 19:36 - 2016-09-06 23:55 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-09-13 19:36 - 2016-09-06 23:55 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-09-13 19:36 - 2016-09-06 23:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2016-09-13 19:36 - 2016-09-06 23:55 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-09-13 19:36 - 2016-09-06 23:55 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2016-09-13 19:36 - 2016-09-06 23:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-09-13 19:36 - 2016-09-06 23:54 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2016-09-13 19:36 - 2016-09-06 23:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-09-13 19:36 - 2016-09-06 23:54 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2016-09-13 19:36 - 2016-09-06 23:54 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll 2016-09-13 19:36 - 2016-09-06 23:53 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-09-13 19:36 - 2016-09-06 23:53 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2016-09-13 19:36 - 2016-09-06 23:53 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll 2016-09-13 19:36 - 2016-09-06 23:52 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-09-13 19:36 - 2016-09-06 23:52 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll 2016-09-13 19:36 - 2016-09-06 23:52 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-09-13 19:36 - 2016-09-06 23:51 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll 2016-09-13 19:36 - 2016-09-06 23:51 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-09-13 19:36 - 2016-09-06 23:50 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-09-13 19:36 - 2016-09-06 23:50 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll 2016-09-13 19:36 - 2016-09-06 23:50 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-09-13 19:36 - 2016-09-06 23:49 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-09-13 19:36 - 2016-09-06 23:49 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-09-13 19:36 - 2016-09-06 23:48 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll 2016-09-13 19:36 - 2016-09-06 23:48 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-09-13 19:36 - 2016-09-06 23:47 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-09-13 19:36 - 2016-09-06 23:47 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 2016-09-13 19:36 - 2016-09-06 23:47 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll 2016-09-13 19:36 - 2016-09-06 23:46 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll 2016-09-13 19:36 - 2016-09-06 23:45 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-09-13 19:36 - 2016-09-06 23:45 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll 2016-09-13 19:36 - 2016-09-06 23:45 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2016-09-13 19:36 - 2016-09-06 23:44 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-09-13 19:36 - 2016-09-06 23:43 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2016-09-13 19:36 - 2016-09-06 23:42 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2016-09-13 19:36 - 2016-09-06 23:42 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll 2016-09-13 19:36 - 2016-09-06 23:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll 2016-09-13 19:36 - 2016-09-06 23:41 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-09-13 19:36 - 2016-09-06 23:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-09-13 19:36 - 2016-09-06 23:39 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-09-13 19:36 - 2016-09-06 23:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-09-13 19:36 - 2016-09-06 23:36 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-09-13 19:36 - 2016-09-06 23:35 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll 2016-09-13 19:36 - 2016-09-06 23:33 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2016-09-13 19:36 - 2016-09-06 23:31 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll 2016-09-13 19:36 - 2016-09-06 23:11 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-09-13 19:36 - 2016-08-05 23:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-09-13 19:36 - 2016-08-05 22:50 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-09-13 19:36 - 2016-08-05 22:48 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-09-13 19:36 - 2016-08-05 22:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-09-13 19:36 - 2016-08-05 22:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-09-13 19:36 - 2016-08-05 22:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-09-13 19:36 - 2016-08-05 22:43 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-09-13 19:36 - 2016-08-05 22:42 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll 2016-09-13 19:36 - 2016-08-05 22:40 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-09-13 19:36 - 2016-08-05 22:35 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-09-13 19:36 - 2016-08-05 22:29 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2016-09-13 19:36 - 2016-08-02 03:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2016-09-13 19:36 - 2016-08-02 03:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-09-13 19:36 - 2016-08-02 03:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-09-13 19:36 - 2016-08-02 03:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-09-13 19:36 - 2016-08-01 23:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2016-09-13 19:36 - 2016-07-21 19:49 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-09-13 19:35 - 2016-09-07 01:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-09-13 19:35 - 2016-09-07 00:55 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2016-09-13 19:35 - 2016-09-07 00:54 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-13 19:35 - 2016-09-07 00:54 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-13 19:35 - 2016-09-07 00:54 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-09-13 19:35 - 2016-09-07 00:54 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2016-09-13 19:35 - 2016-09-07 00:53 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2016-09-13 19:35 - 2016-09-07 00:53 - 02183792 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-09-13 19:35 - 2016-09-07 00:51 - 02214784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-09-13 19:35 - 2016-09-07 00:51 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-13 19:35 - 2016-09-07 00:51 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-13 19:35 - 2016-09-07 00:50 - 07813472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-09-13 19:35 - 2016-09-07 00:50 - 00773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-09-13 19:35 - 2016-09-07 00:48 - 02256224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-09-13 19:35 - 2016-09-07 00:48 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2016-09-13 19:35 - 2016-09-07 00:46 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-09-13 19:35 - 2016-09-07 00:44 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-09-13 19:35 - 2016-09-07 00:44 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-13 19:35 - 2016-09-07 00:44 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2016-09-13 19:35 - 2016-09-07 00:41 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-09-13 19:35 - 2016-09-07 00:39 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-09-13 19:35 - 2016-09-07 00:39 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-09-13 19:35 - 2016-09-07 00:37 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll 2016-09-13 19:35 - 2016-09-07 00:36 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-09-13 19:35 - 2016-09-07 00:36 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2016-09-13 19:35 - 2016-09-07 00:34 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-09-13 19:35 - 2016-09-07 00:34 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-09-13 19:35 - 2016-09-07 00:34 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-09-13 19:35 - 2016-09-07 00:34 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-09-13 19:35 - 2016-09-07 00:34 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-09-13 19:35 - 2016-09-07 00:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-09-13 19:35 - 2016-09-07 00:34 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll 2016-09-13 19:35 - 2016-09-07 00:33 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2016-09-13 19:35 - 2016-09-07 00:33 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-09-13 19:35 - 2016-09-07 00:33 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-09-13 19:35 - 2016-09-07 00:32 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-09-13 19:35 - 2016-09-07 00:32 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2016-09-13 19:35 - 2016-09-07 00:32 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-09-13 19:35 - 2016-09-07 00:32 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-09-13 19:35 - 2016-09-07 00:32 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-09-13 19:35 - 2016-09-07 00:32 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-09-13 19:35 - 2016-09-07 00:32 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-09-13 19:35 - 2016-09-07 00:30 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-09-13 19:35 - 2016-09-07 00:30 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-09-13 19:35 - 2016-09-07 00:30 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 08156592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-09-13 19:35 - 2016-09-07 00:29 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll 2016-09-13 19:35 - 2016-09-07 00:29 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys 2016-09-13 19:35 - 2016-09-07 00:27 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-09-13 19:35 - 2016-09-07 00:27 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll 2016-09-13 19:35 - 2016-09-07 00:25 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-09-13 19:35 - 2016-09-07 00:24 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-09-13 19:35 - 2016-09-07 00:24 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-09-13 19:35 - 2016-09-07 00:24 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-09-13 19:35 - 2016-09-07 00:24 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2016-09-13 19:35 - 2016-09-07 00:20 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-09-13 19:35 - 2016-09-07 00:18 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-09-13 19:35 - 2016-09-07 00:17 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-09-13 19:35 - 2016-09-07 00:17 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-09-13 19:35 - 2016-09-07 00:17 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-09-13 19:35 - 2016-09-07 00:16 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2016-09-13 19:35 - 2016-09-07 00:15 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-09-13 19:35 - 2016-09-07 00:15 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-09-13 19:35 - 2016-09-07 00:13 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-09-13 19:35 - 2016-09-07 00:12 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-09-13 19:35 - 2016-09-07 00:09 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-09-13 19:35 - 2016-09-07 00:08 - 07220224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-09-13 19:35 - 2016-09-07 00:07 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-09-13 19:35 - 2016-09-07 00:04 - 22566400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-09-13 19:35 - 2016-09-07 00:04 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-09-13 19:35 - 2016-09-07 00:03 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-09-13 19:35 - 2016-09-07 00:03 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll 2016-09-13 19:35 - 2016-09-07 00:03 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll 2016-09-13 19:35 - 2016-09-07 00:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll 2016-09-13 19:35 - 2016-09-07 00:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-09-13 19:35 - 2016-09-07 00:01 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll 2016-09-13 19:35 - 2016-09-07 00:00 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll 2016-09-13 19:35 - 2016-09-06 23:59 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 2016-09-13 19:35 - 2016-09-06 23:59 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2016-09-13 19:35 - 2016-09-06 23:59 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-09-13 19:35 - 2016-09-06 23:59 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll 2016-09-13 19:35 - 2016-09-06 23:59 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-09-13 19:35 - 2016-09-06 23:59 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-09-13 19:35 - 2016-09-06 23:59 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll 2016-09-13 19:35 - 2016-09-06 23:58 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll 2016-09-13 19:35 - 2016-09-06 23:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-09-13 19:35 - 2016-09-06 23:57 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2016-09-13 19:35 - 2016-09-06 23:56 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2016-09-13 19:35 - 2016-09-06 23:56 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-09-13 19:35 - 2016-09-06 23:56 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-09-13 19:35 - 2016-09-06 23:56 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-09-13 19:35 - 2016-09-06 23:56 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2016-09-13 19:35 - 2016-09-06 23:55 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe 2016-09-13 19:35 - 2016-09-06 23:54 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-09-13 19:35 - 2016-09-06 23:54 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-09-13 19:35 - 2016-09-06 23:53 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll 2016-09-13 19:35 - 2016-09-06 23:53 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-09-13 19:35 - 2016-09-06 23:53 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-09-13 19:35 - 2016-09-06 23:53 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-09-13 19:35 - 2016-09-06 23:53 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll 2016-09-13 19:35 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2016-09-13 19:35 - 2016-09-06 23:52 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2016-09-13 19:35 - 2016-09-06 23:51 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-09-13 19:35 - 2016-09-06 23:51 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-09-13 19:35 - 2016-09-06 23:51 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-09-13 19:35 - 2016-09-06 23:50 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll 2016-09-13 19:35 - 2016-09-06 23:50 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-09-13 19:35 - 2016-09-06 23:50 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-09-13 19:35 - 2016-09-06 23:50 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe 2016-09-13 19:35 - 2016-09-06 23:49 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-09-13 19:35 - 2016-09-06 23:49 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-09-13 19:35 - 2016-09-06 23:49 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-09-13 19:35 - 2016-09-06 23:49 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-09-13 19:35 - 2016-09-06 23:49 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-09-13 19:35 - 2016-09-06 23:49 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2016-09-13 19:35 - 2016-09-06 23:48 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-09-13 19:35 - 2016-09-06 23:48 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-09-13 19:35 - 2016-09-06 23:48 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-09-13 19:35 - 2016-09-06 23:47 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2016-09-13 19:35 - 2016-09-06 23:47 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-09-13 19:35 - 2016-09-06 23:47 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2016-09-13 19:35 - 2016-09-06 23:47 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-09-13 19:35 - 2016-09-06 23:46 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-09-13 19:35 - 2016-09-06 23:46 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-09-13 19:35 - 2016-09-06 23:46 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-09-13 19:35 - 2016-09-06 23:46 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2016-09-13 19:35 - 2016-09-06 23:46 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2016-09-13 19:35 - 2016-09-06 23:45 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-09-13 19:35 - 2016-09-06 23:45 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll 2016-09-13 19:35 - 2016-09-06 23:45 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-09-13 19:35 - 2016-09-06 23:45 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2016-09-13 19:35 - 2016-09-06 23:45 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2016-09-13 19:35 - 2016-09-06 23:45 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-09-13 19:35 - 2016-09-06 23:45 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll 2016-09-13 19:35 - 2016-09-06 23:44 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-09-13 19:35 - 2016-09-06 23:44 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-09-13 19:35 - 2016-09-06 23:44 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-09-13 19:35 - 2016-09-06 23:43 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-09-13 19:35 - 2016-09-06 23:43 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-09-13 19:35 - 2016-09-06 23:43 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-09-13 19:35 - 2016-09-06 23:42 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-09-13 19:35 - 2016-09-06 23:42 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-09-13 19:35 - 2016-09-06 23:42 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 08122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2016-09-13 19:35 - 2016-09-06 23:41 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe 2016-09-13 19:35 - 2016-09-06 23:40 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-09-13 19:35 - 2016-09-06 23:40 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2016-09-13 19:35 - 2016-09-06 23:39 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll 2016-09-13 19:35 - 2016-09-06 23:39 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-09-13 19:35 - 2016-09-06 23:39 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-09-13 19:35 - 2016-09-06 23:39 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-09-13 19:35 - 2016-09-06 23:39 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll 2016-09-13 19:35 - 2016-09-06 23:39 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2016-09-13 19:35 - 2016-09-06 23:39 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-09-13 19:35 - 2016-09-06 23:38 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-09-13 19:35 - 2016-09-06 23:38 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-09-13 19:35 - 2016-09-06 23:38 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-09-13 19:35 - 2016-09-06 23:37 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-09-13 19:35 - 2016-09-06 23:37 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-09-13 19:35 - 2016-09-06 23:36 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-09-13 19:35 - 2016-09-06 23:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-09-13 19:35 - 2016-09-06 23:36 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll 2016-09-13 19:35 - 2016-09-06 23:36 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-09-13 19:35 - 2016-09-06 23:34 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-09-13 19:35 - 2016-09-06 23:34 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-09-13 19:35 - 2016-09-06 23:33 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-09-13 19:35 - 2016-09-06 23:33 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-09-13 19:35 - 2016-09-06 23:33 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2016-09-13 19:35 - 2016-09-06 23:33 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2016-09-13 19:35 - 2016-09-06 23:33 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-09-13 19:35 - 2016-09-06 23:32 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-09-13 19:35 - 2016-09-06 23:31 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-09-13 19:35 - 2016-09-06 23:31 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2016-09-13 19:35 - 2016-08-05 23:26 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-09-13 19:35 - 2016-08-05 23:16 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2016-09-13 19:35 - 2016-08-05 23:16 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-09-13 19:35 - 2016-08-05 23:13 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-09-13 19:35 - 2016-08-05 22:39 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-09-13 19:35 - 2016-08-05 22:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-13 19:35 - 2016-08-05 22:38 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-09-13 19:35 - 2016-08-05 22:37 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-13 19:35 - 2016-08-05 22:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-09-13 19:35 - 2016-08-02 03:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-09-13 19:35 - 2016-08-02 03:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-09-13 19:35 - 2016-08-02 03:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-09-13 19:35 - 2016-08-01 23:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-09-13 19:35 - 2016-08-01 23:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-09-13 19:35 - 2016-08-01 23:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-09-13 19:35 - 2016-07-21 20:27 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-09-13 19:35 - 2016-07-21 20:27 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-09-13 19:34 - 2016-09-07 00:34 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-09-13 19:34 - 2016-09-07 00:17 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-09-13 19:34 - 2016-09-07 00:13 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-09-13 19:34 - 2016-09-06 23:55 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2016-09-13 19:34 - 2016-09-06 23:52 - 17187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-09-13 19:34 - 2016-09-06 23:49 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-09-13 19:34 - 2016-09-06 23:49 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-09-13 19:34 - 2016-09-06 23:47 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-09-13 19:34 - 2016-09-06 23:46 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-09-13 19:34 - 2016-09-06 23:46 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-09-13 19:34 - 2016-09-06 23:45 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-09-13 19:34 - 2016-09-06 23:45 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2016-09-13 19:34 - 2016-09-06 23:45 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-09-13 19:34 - 2016-09-06 23:44 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-09-13 19:34 - 2016-09-06 23:44 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-09-13 19:34 - 2016-09-06 23:41 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2016-09-13 19:34 - 2016-09-06 23:40 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-09-13 19:34 - 2016-09-06 23:40 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-09-13 19:34 - 2016-09-06 23:39 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-09-13 19:34 - 2016-09-06 23:39 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-09-13 19:34 - 2016-09-06 23:37 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-09-13 19:34 - 2016-09-06 23:37 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-09-13 19:34 - 2016-09-06 23:35 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-09-13 19:34 - 2016-09-06 23:32 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-09-13 19:12 - 2016-09-13 19:12 - 00373709 _____ C:\Users\ryuse\Downloads\Kris2 (1).pdf 2016-09-13 19:09 - 2016-09-13 20:00 - 00518534 _____ C:\Users\ryuse\Desktop\Krist1.pdf 2016-09-13 19:08 - 2016-09-13 19:08 - 00373709 _____ C:\Users\ryuse\Downloads\Kris2.pdf 2016-09-13 18:52 - 2016-09-13 19:06 - 00484127 _____ C:\Users\ryuse\Desktop\Krist2.pdf 2016-09-13 18:51 - 2016-09-13 18:51 - 00373709 _____ C:\Users\ryuse\Desktop\Kris2.pdf 2016-09-13 18:36 - 2016-09-13 18:36 - 00373709 _____ C:\Users\ryuse\Desktop\Kris.pdf 2016-09-13 16:11 - 2016-09-13 16:11 - 00373709 _____ C:\Users\ryuse\Desktop\Interactive_DnD_3.5_Character_Sheet.pdf 2016-09-13 16:09 - 2016-09-13 16:09 - 00323504 _____ C:\Users\ryuse\Downloads\Iaspar (1).pdf 2016-09-13 07:11 - 2016-09-13 17:53 - 03342336 _____ C:\Users\ryuse\Desktop\Longing.sai 2016-09-13 05:39 - 2016-09-13 05:39 - 00373709 _____ C:\Users\ryuse\Downloads\Interactive_DnD_3.5_Character_Sheet.pdf 2016-09-13 05:39 - 2016-09-13 05:39 - 00323504 _____ C:\Users\ryuse\Downloads\Iaspar.pdf 2016-09-13 04:47 - 2016-09-13 04:47 - 00000000 ____D C:\Users\ryuse\Documents\SavedGames 2016-09-13 04:47 - 2016-09-13 04:47 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Rogue Legacy 2016-09-13 04:47 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll 2016-09-13 04:47 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll 2016-09-13 04:47 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll 2016-09-13 04:47 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll 2016-09-13 04:47 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll 2016-09-13 04:46 - 2016-09-13 04:46 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA 2016-09-13 01:32 - 2016-09-13 01:32 - 330754603 _____ C:\Users\ryuse\Downloads\makehuman-1.1.0-win32.zip 2016-09-12 21:48 - 2016-09-13 07:10 - 00001219 _____ C:\Users\ryuse\Downloads\Answers.txt 2016-09-12 16:44 - 2016-09-12 16:44 - 01068544 _____ C:\Users\ryuse\Downloads\ts.exe 2016-09-12 08:11 - 2016-09-12 08:11 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DbxSvc.exe 2016-09-12 08:05 - 2016-09-12 08:05 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2016-09-12 08:05 - 2016-09-12 08:05 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2016-09-12 08:05 - 2016-09-12 08:05 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2016-09-11 20:05 - 2016-09-12 21:48 - 00001169 _____ C:\Users\ryuse\Downloads\Questions.txt 2016-09-11 02:42 - 2016-09-11 02:42 - 00000000 ____D C:\Users\ryuse\Documents\My Games 2016-09-10 21:59 - 2016-09-10 22:07 - 02128259 _____ C:\Users\ryuse\Desktop\Icon1a.psd 2016-09-10 21:38 - 2016-09-10 21:38 - 00017648 _____ C:\Users\ryuse\Downloads\ChiselyFont.ttf 2016-09-10 21:00 - 2016-09-10 21:01 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\NexonLauncher 2016-09-10 21:00 - 2016-09-10 21:00 - 00002262 _____ C:\Users\ryuse\Desktop\Nexon Launcher.lnk 2016-09-10 21:00 - 2016-09-10 21:00 - 00000000 ____D C:\Users\ryuse\AppData\Local\NexonLauncher 2016-09-10 21:00 - 2016-09-10 21:00 - 00000000 ____D C:\Users\ryuse\AppData\Local\Crashpad 2016-09-10 21:00 - 2016-09-10 21:00 - 00000000 ____D C:\Program Files (x86)\Nexon 2016-09-10 20:59 - 2016-09-10 21:00 - 10907624 _____ C:\Users\ryuse\Downloads\NexonLauncherSetup.exe 2016-09-10 01:12 - 2016-09-10 01:12 - 00000000 ____D C:\Users\ryuse\AppData\Local\Medibang 2016-09-09 23:47 - 2016-09-10 05:46 - 94351360 _____ C:\Users\ryuse\Downloads\RockKP.sai 2016-09-09 22:57 - 2016-09-09 22:57 - 00001098 _____ C:\Users\Public\Desktop\MediBang Paint Pro.lnk 2016-09-09 22:57 - 2016-09-09 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medibang 2016-09-09 22:57 - 2016-09-09 22:57 - 00000000 ____D C:\Program Files\Medibang 2016-09-09 22:57 - 2016-08-25 12:59 - 00705064 _____ C:\WINDOWS\system32\MdpThumb64.dll 2016-09-09 22:52 - 2016-09-09 22:57 - 40773840 _____ (Medibang ) C:\Users\ryuse\Downloads\MediBangPaintProSetup-9.0-64bit.exe 2016-09-09 21:54 - 2016-09-09 21:54 - 01620990 _____ C:\Users\ryuse\Desktop\AutoCard.psd 2016-09-09 21:10 - 2016-09-09 21:10 - 00000000 ____D C:\Users\ryuse\Downloads\TTR-Templates 2016-09-09 21:09 - 2016-09-09 21:09 - 00776974 _____ C:\Users\ryuse\Downloads\TTR-Templates.zip 2016-09-09 15:54 - 2016-09-13 03:30 - 00000000 ____D C:\Users\ryuse\Desktop\Shortcuts 2016-09-09 05:18 - 2016-09-09 05:18 - 38166528 _____ C:\Users\ryuse\Downloads\KaruRef.sai 2016-09-09 03:47 - 2016-09-09 03:48 - 97255680 _____ C:\Users\ryuse\Downloads\OBS-Studio-0.15.4-With-Browser-Installer.exe 2016-09-08 19:30 - 2016-09-08 19:30 - 00000112 ____H C:\22141019874C 2016-09-08 19:29 - 2016-09-08 19:29 - 00013966 _____ C:\Users\ryuse\Downloads\538fonts_kon-system.zip 2016-09-08 16:54 - 2016-09-08 16:54 - 00003334 _____ C:\Users\ryuse\Downloads\FBP-Settings-08-Sep-2016.txt 2016-09-07 21:49 - 2016-09-07 21:49 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\MonoDevelop-Unity-5.0 2016-09-07 21:49 - 2016-09-07 21:49 - 00000000 ____D C:\Users\ryuse\AppData\Local\MonoDevelop-Unity-5.0 2016-09-07 20:58 - 2016-09-07 21:18 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Unity 2016-09-07 20:58 - 2016-09-07 21:18 - 00000000 ____D C:\Users\ryuse\AppData\LocalLow\Unity 2016-09-07 20:58 - 2016-09-07 21:17 - 00000000 ____D C:\ProgramData\Unity 2016-09-07 20:58 - 2016-09-07 20:58 - 00000000 ____D C:\Users\ryuse\AppData\Local\Unity 2016-09-07 18:53 - 2016-09-07 18:53 - 02084520 _____ C:\Users\ryuse\Downloads\Psionic_Chr_Sheets_4pg.zip 2016-09-07 14:37 - 2016-09-07 14:37 - 00003334 _____ C:\Users\ryuse\Downloads\FBP-Settings-07-Sep-2016.txt 2016-09-07 14:33 - 2016-09-13 22:13 - 00003446 _____ C:\Users\ryuse\Downloads\Milner.txt 2016-09-07 14:31 - 2016-09-07 14:31 - 00012939 _____ C:\Users\ryuse\Downloads\invoiceto.me (5).pdf 2016-09-06 15:19 - 2016-09-06 15:19 - 00013450 _____ C:\Users\ryuse\Downloads\invoiceto.me (4).pdf 2016-09-06 15:12 - 2016-08-20 00:02 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll 2016-09-06 15:12 - 2016-08-19 23:59 - 02485760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll 2016-09-06 06:24 - 2016-09-06 06:24 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015 Tools for Unity 2016-09-06 06:24 - 2016-09-06 06:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity 2016-09-06 06:22 - 2016-09-06 06:22 - 00000000 ____D C:\Users\ryuse\Documents\Visual Studio 2015 2016-09-06 06:17 - 2016-09-06 06:17 - 00000000 ____D C:\Program Files (x86)\AppInsights 2016-09-06 06:16 - 2016-09-06 06:16 - 00000000 ____D C:\Program Files\IIS 2016-09-06 06:16 - 2016-09-06 06:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0 2016-09-06 06:16 - 2016-09-06 06:16 - 00000000 ____D C:\Program Files (x86)\IIS 2016-09-06 06:16 - 2016-07-15 19:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll 2016-09-06 06:16 - 2016-07-15 19:28 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll 2016-09-06 06:16 - 2016-07-15 19:28 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll 2016-09-06 06:16 - 2016-07-15 19:26 - 00376320 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe 2016-09-06 06:16 - 2016-07-15 19:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll 2016-09-06 06:16 - 2016-07-15 19:25 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll 2016-09-06 06:16 - 2016-07-15 19:23 - 14388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll 2016-09-06 06:16 - 2016-07-15 19:22 - 00429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll 2016-09-06 06:16 - 2016-07-15 19:22 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll 2016-09-06 06:16 - 2016-07-15 19:19 - 01323520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll 2016-09-06 06:16 - 2016-07-15 19:16 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe 2016-09-06 06:16 - 2016-07-15 19:16 - 04969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe 2016-09-06 06:16 - 2016-07-15 19:15 - 06582784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll 2016-09-06 06:16 - 2016-07-15 19:13 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll 2016-09-06 06:16 - 2016-07-15 19:13 - 01198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe 2016-09-06 06:16 - 2016-07-15 19:13 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll 2016-09-06 06:16 - 2016-07-15 19:12 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll 2016-09-06 06:16 - 2016-07-15 19:12 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll 2016-09-06 06:16 - 2016-07-15 19:11 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll 2016-09-06 06:16 - 2016-07-15 18:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll 2016-09-06 06:16 - 2016-07-15 18:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll 2016-09-06 06:16 - 2016-07-15 18:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll 2016-09-06 06:16 - 2016-07-15 18:42 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll 2016-09-06 06:16 - 2016-07-15 18:41 - 00355840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe 2016-09-06 06:16 - 2016-07-15 18:41 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll 2016-09-06 06:16 - 2016-07-15 18:39 - 11670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll 2016-09-06 06:16 - 2016-07-15 18:38 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll 2016-09-06 06:16 - 2016-07-15 18:37 - 01074176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll 2016-09-06 06:16 - 2016-07-15 18:35 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll 2016-09-06 06:16 - 2016-07-15 18:32 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe 2016-09-06 06:16 - 2016-07-15 18:32 - 03701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe 2016-09-06 06:16 - 2016-07-15 18:31 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll 2016-09-06 06:16 - 2016-07-15 18:29 - 00953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe 2016-09-06 06:16 - 2016-07-15 18:29 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll 2016-09-06 06:16 - 2016-07-15 18:29 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll 2016-09-06 06:16 - 2016-07-15 18:28 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll 2016-09-06 06:16 - 2016-07-15 18:28 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll 2016-09-06 06:16 - 2016-07-15 18:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll 2016-09-06 06:14 - 2016-09-06 06:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-06 06:14 - 2016-09-06 06:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-06 06:13 - 2016-09-06 06:13 - 00000000 ____D C:\ProgramData\PreEmptive Solutions 2016-09-06 06:13 - 2016-09-06 06:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2016-09-06 06:13 - 2016-09-06 06:13 - 00000000 ____D C:\Program Files (x86)\ShellDir 2016-09-06 06:13 - 2016-09-06 06:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2016-09-06 06:10 - 2016-09-06 06:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools 2016-09-06 06:09 - 2016-09-06 06:09 - 00000000 ____D C:\ProgramData\NuGet 2016-09-06 06:09 - 2016-09-06 06:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2016-09-06 06:09 - 2016-09-06 06:09 - 00000000 ____D C:\Program Files (x86)\NuGet 2016-09-06 06:09 - 2016-09-06 06:09 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services 2016-09-06 06:08 - 2016-09-06 06:08 - 00001498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk 2016-09-06 06:07 - 2016-09-06 06:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0 2016-09-06 06:07 - 2016-09-06 06:07 - 00000000 ____D C:\WINDOWS\SysWOW64\1033 2016-09-06 06:07 - 2016-09-06 06:07 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0 2016-09-06 06:06 - 2016-09-06 06:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015 2016-09-06 06:05 - 2016-09-06 06:05 - 00000000 ____D C:\WINDOWS\symbols 2016-09-06 06:05 - 2016-09-06 06:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer 2016-09-06 06:03 - 2016-09-06 06:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2016-09-06 06:03 - 2016-09-06 06:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2016-09-06 06:03 - 2016-09-06 06:03 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk 2016-09-06 06:01 - 2016-09-06 06:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0 2016-09-06 06:01 - 2016-09-06 06:04 - 00000000 ____D C:\WINDOWS\system32\1033 2016-09-06 06:00 - 2016-09-06 06:16 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2016-09-06 06:00 - 2016-09-06 06:05 - 00000000 ____D C:\Program Files (x86)\Windows Kits 2016-09-06 05:57 - 2016-09-06 05:57 - 00000000 ____D C:\Users\Public\Documents\Unity Projects 2016-09-06 05:43 - 2016-09-06 05:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit) 2016-09-06 05:43 - 2016-09-06 05:43 - 00000000 ____D C:\Program Files (x86)\GtkSharp 2016-09-06 05:39 - 2016-09-06 05:43 - 00000000 ____D C:\Program Files\Unity 2016-09-06 03:47 - 2016-09-06 03:48 - 00000000 ____D C:\Users\Public\Documents\ZBrushData 2016-09-06 03:46 - 2016-09-06 03:46 - 00000000 ____D C:\Users\Public\Pixologic 2016-09-06 03:46 - 2016-09-06 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic 2016-09-06 03:46 - 2016-09-06 03:46 - 00000000 ____D C:\Program Files (x86)\Pixologic 2016-09-06 03:31 - 2016-09-06 03:31 - 00045609 _____ C:\Users\ryuse\Downloads\statement.pdf 2016-09-05 06:07 - 2016-09-05 06:07 - 01215743 _____ C:\Users\ryuse\Downloads\open-sans.zip 2016-09-05 06:03 - 2016-09-05 06:03 - 00086233 _____ C:\Users\ryuse\Downloads\rosario.zip 2016-09-05 02:25 - 2016-09-06 05:37 - 00718392 _____ C:\Users\ryuse\Downloads\UnityDownloadAssistant-5.4.0f3.exe 2016-09-03 04:30 - 2016-09-03 04:30 - 00043136 _____ C:\Users\ryuse\Downloads\Rotsprite.7z 2016-09-02 17:07 - 2016-09-02 17:07 - 00000000 ____D C:\Users\ryuse\Desktop\Misc Art 2016-09-02 16:55 - 2016-09-02 16:55 - 03001185 _____ C:\Users\ryuse\Downloads\Shelby.fla 2016-09-02 16:27 - 2016-09-02 16:27 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.3.lnk 2016-09-02 16:27 - 2016-09-02 16:27 - 00000000 ____D C:\Users\ryuse\Documents\Adobe 2016-09-02 16:25 - 2016-09-02 16:25 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs 2016-09-02 16:24 - 2016-09-02 16:24 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate CC 2015.2.lnk 2016-09-02 16:21 - 2016-09-14 15:07 - 00000000 ___RD C:\Users\ryuse\Creative Cloud Files 2016-09-02 16:21 - 2016-09-14 15:07 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-09-02 16:21 - 2016-09-02 16:27 - 00000000 ____D C:\Program Files\Adobe 2016-09-02 16:18 - 2016-09-02 16:18 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2016-09-02 03:56 - 2016-09-02 03:56 - 00055572 _____ C:\Users\ryuse\Downloads\RagePixel_v0.50.unitypackage 2016-09-02 02:43 - 2016-09-02 02:43 - 211046400 _____ C:\Users\ryuse\Downloads\KaruPaints3.sai 2016-09-01 21:27 - 2016-09-02 16:15 - 00800960 _____ (Adobe Systems Incorporated) C:\Users\ryuse\Downloads\CreativeCloudSet-Up.exe 2016-08-31 20:24 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-08-31 20:24 - 2016-08-26 23:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-08-31 20:24 - 2016-08-26 23:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-08-31 20:24 - 2016-08-26 23:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-08-31 20:24 - 2016-08-26 23:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-08-31 20:24 - 2016-08-26 23:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-08-31 20:24 - 2016-08-26 23:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-08-31 20:24 - 2016-08-20 01:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-08-31 20:24 - 2016-08-20 01:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-08-31 20:24 - 2016-08-20 00:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-08-31 20:24 - 2016-08-20 00:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll 2016-08-31 20:24 - 2016-08-20 00:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-08-31 20:24 - 2016-08-20 00:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL 2016-08-31 20:24 - 2016-08-20 00:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2016-08-31 20:24 - 2016-08-20 00:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL 2016-08-31 20:24 - 2016-08-20 00:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2016-08-31 20:24 - 2016-08-20 00:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2016-08-31 20:24 - 2016-08-20 00:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2016-08-31 20:24 - 2016-08-20 00:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL 2016-08-31 20:24 - 2016-08-20 00:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-08-31 20:24 - 2016-08-20 00:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2016-08-31 20:24 - 2016-08-20 00:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-08-31 20:24 - 2016-08-20 00:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-08-31 20:24 - 2016-08-20 00:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2016-08-31 20:24 - 2016-08-20 00:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2016-08-31 20:24 - 2016-08-20 00:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll 2016-08-31 20:24 - 2016-08-20 00:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-08-31 20:24 - 2016-08-20 00:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-08-31 20:24 - 2016-08-20 00:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL 2016-08-31 20:24 - 2016-08-20 00:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2016-08-31 20:24 - 2016-08-20 00:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2016-08-31 20:24 - 2016-08-20 00:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL 2016-08-31 20:24 - 2016-08-20 00:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-08-31 20:24 - 2016-08-20 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-08-31 20:24 - 2016-08-20 00:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-08-31 20:24 - 2016-08-20 00:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-08-31 20:24 - 2016-08-20 00:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-08-31 20:24 - 2016-08-20 00:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-08-31 20:24 - 2016-08-20 00:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-08-31 20:24 - 2016-08-20 00:08 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll 2016-08-31 20:24 - 2016-08-20 00:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-08-31 20:24 - 2016-08-20 00:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-08-31 20:24 - 2016-08-20 00:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll 2016-08-31 20:24 - 2016-08-20 00:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-08-31 20:24 - 2016-08-20 00:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2016-08-31 20:24 - 2016-08-20 00:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-08-31 20:24 - 2016-08-20 00:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-08-31 20:24 - 2016-08-20 00:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2016-08-31 20:24 - 2016-08-20 00:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-08-31 20:24 - 2016-08-20 00:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-08-31 20:24 - 2016-08-20 00:00 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll 2016-08-31 20:24 - 2016-08-19 23:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll 2016-08-31 20:24 - 2016-08-19 23:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-08-31 20:24 - 2016-08-19 23:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2016-08-31 20:24 - 2016-08-19 23:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-08-31 20:24 - 2016-08-19 23:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-08-31 20:24 - 2016-08-19 23:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-08-31 20:24 - 2016-08-19 23:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2016-08-31 20:24 - 2016-08-19 23:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-08-31 20:24 - 2016-08-19 23:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-08-31 20:24 - 2016-08-19 23:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-08-31 20:23 - 2016-08-27 07:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-08-31 20:23 - 2016-08-27 04:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-08-31 20:23 - 2016-08-26 23:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-08-31 20:23 - 2016-08-26 23:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-08-31 20:23 - 2016-08-20 01:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-08-31 20:23 - 2016-08-20 00:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-08-31 20:23 - 2016-08-20 00:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-08-31 20:23 - 2016-08-20 00:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-08-31 20:23 - 2016-08-20 00:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-08-31 20:23 - 2016-08-20 00:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-08-31 20:23 - 2016-08-20 00:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-08-31 20:23 - 2016-08-18 20:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-08-31 19:53 - 2016-08-31 19:53 - 00002887 _____ C:\Users\ryuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tiled.lnk 2016-08-31 19:53 - 2016-08-31 19:53 - 00000000 ____D C:\Program Files\Tiled 2016-08-31 19:52 - 2016-08-31 19:52 - 13711305 _____ C:\Users\ryuse\Downloads\tiled-0.17.0-win64.msi 2016-08-31 19:45 - 2016-08-31 19:45 - 25996650 _____ C:\Users\ryuse\Downloads\tiled-2016.05.25-linux64.tar.gz 2016-08-31 15:26 - 2016-09-13 22:18 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-08-31 15:26 - 2016-09-01 15:44 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk 2016-08-31 15:26 - 2016-09-01 15:44 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk 2016-08-31 15:22 - 2016-08-31 15:22 - 02094184 _____ (Adobe) C:\Users\ryuse\Downloads\acrobatproDC_00000000000000000000000409.exe 2016-08-31 15:20 - 2016-08-31 15:20 - 04860560 _____ (Krzysztof Kowalczyk) C:\Users\ryuse\Downloads\SumatraPDF-3.1.2-install.exe 2016-08-31 15:20 - 2016-08-31 15:20 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk 2016-08-31 15:20 - 2016-08-31 15:20 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\SumatraPDF 2016-08-31 15:20 - 2016-08-31 15:20 - 00000000 ____D C:\Program Files (x86)\SumatraPDF 2016-08-31 15:16 - 2016-08-31 15:16 - 00221166 _____ C:\Users\ryuse\Downloads\FreelanceAgreement_ABUV (1).pdf 2016-08-31 15:16 - 2016-08-31 15:16 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 5.lnk 2016-08-31 15:16 - 2016-08-31 15:16 - 00000000 ____D C:\Program Files\Nitro 2016-08-31 15:16 - 2016-08-31 15:16 - 00000000 ____D C:\Program Files\Common Files\Nitro 2016-08-31 15:16 - 2016-08-31 15:16 - 00000000 ____D C:\Program Files (x86)\Nitro 2016-08-31 15:16 - 2016-08-02 19:09 - 00031904 _____ (Nitro Software, Inc.) C:\WINDOWS\system32\nitrolocalmon10.dll 2016-08-31 15:16 - 2016-08-02 19:09 - 00020128 _____ (Nitro Software, Inc.) C:\WINDOWS\system32\nitrolocalui10.dll 2016-08-31 15:15 - 2016-08-31 15:15 - 56967528 _____ (Nitro PDF Software) C:\Users\ryuse\Downloads\nitro_reader5_64 (1).exe 2016-08-31 15:14 - 2016-08-31 15:14 - 00221166 _____ C:\Users\ryuse\Downloads\FreelanceAgreement_ABUV.pdf 2016-08-31 00:58 - 2016-08-31 00:58 - 08329370 _____ C:\Users\ryuse\Documents\2016_08_31_00_58_scan_result.sr 2016-08-30 17:35 - 2016-08-30 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M3 RAW Drive Recovery 2016-08-30 17:35 - 2016-08-30 17:35 - 00000000 ____D C:\Program Files (x86)\M3 Software 2016-08-30 17:34 - 2016-08-30 17:35 - 03606480 _____ (M3 Data Recovery ) C:\Users\ryuse\Downloads\m3rawdriverecovery.exe 2016-08-30 03:50 - 2016-08-30 05:14 - 13287424 _____ C:\Users\ryuse\Desktop\KaruMaid.sai 2016-08-29 21:30 - 2016-08-29 21:30 - 00000000 ____D C:\Users\ryuse\Downloads\kemono default skins 2016-08-29 21:29 - 2016-08-29 21:29 - 00000000 ____D C:\Users\ryuse\Downloads\KTDK 2016-08-29 21:28 - 2016-08-29 21:28 - 11429893 _____ C:\Users\ryuse\Downloads\kemono default skins.rar 2016-08-29 21:27 - 2016-08-29 21:28 - 15401847 _____ C:\Users\ryuse\Downloads\KTDK.rar 2016-08-29 20:51 - 2016-08-29 23:37 - 00000000 ____D C:\Users\ryuse\AppData\Local\SecondLife 2016-08-29 20:51 - 2016-08-29 20:52 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\SecondLife 2016-08-29 20:51 - 2016-08-29 20:52 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer 2016-08-29 20:51 - 2016-08-29 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer 2016-08-29 20:50 - 2016-08-29 20:50 - 52046496 _____ C:\Users\ryuse\Downloads\Second_Life_4_0_7_318301_i686_Setup.exe 2016-08-28 09:08 - 2016-08-28 09:08 - 00000862 _____ C:\Users\ryuse\Desktop\SMCweather.txt 2016-08-27 21:55 - 2016-08-27 21:55 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\MPC-HC 2016-08-27 21:19 - 2016-08-27 21:19 - 00000000 ____D C:\Users\ryuse\Desktop\Ready Player One 2016-08-27 20:49 - 2016-08-31 17:24 - 00000000 ____D C:\Users\ryuse\Documents\Unreal Projects 2016-08-27 20:48 - 2016-08-27 20:48 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Unreal Engine 2016-08-27 20:24 - 2016-08-27 20:24 - 00000000 ____D C:\Users\ryuse\.thumbnails 2016-08-27 20:19 - 2016-09-06 06:24 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-08-27 20:19 - 2016-08-27 20:19 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-08-27 20:19 - 2016-08-27 20:19 - 00000000 ____D C:\Program Files\MSBuild 2016-08-27 20:19 - 2016-08-27 20:19 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-08-27 20:18 - 2016-08-27 20:18 - 00000000 ____D C:\Users\ryuse\AppData\Local\UnrealEngineLauncher 2016-08-27 20:18 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-08-27 20:18 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-08-27 20:18 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-08-27 20:18 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-08-27 20:18 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-08-27 20:18 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-08-27 20:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2016-08-27 20:18 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2016-08-27 20:18 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2016-08-27 20:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2016-08-27 20:18 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2016-08-27 20:18 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2016-08-27 20:18 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll 2016-08-27 20:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll 2016-08-27 20:18 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll 2016-08-27 20:17 - 2016-08-27 20:48 - 00000000 ____D C:\Users\ryuse\AppData\Local\UnrealEngine 2016-08-27 20:17 - 2016-08-27 20:20 - 00000000 ____D C:\Program Files (x86)\Epic Games 2016-08-27 20:17 - 2016-08-27 20:19 - 00002608 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk 2016-08-27 20:17 - 2016-08-27 20:18 - 00000000 ____D C:\ProgramData\Epic 2016-08-27 20:17 - 2016-08-27 20:17 - 00000000 ____D C:\Users\ryuse\AppData\Local\EpicGamesLauncher 2016-08-27 20:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2016-08-27 20:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2016-08-27 20:17 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll 2016-08-27 18:22 - 2016-08-27 20:16 - 37031936 _____ C:\Users\ryuse\Downloads\EpicGamesLauncherInstaller-2.12.6-3075554.msi 2016-08-27 18:01 - 2016-08-27 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller 2016-08-27 18:01 - 2016-08-27 18:01 - 00000000 ____D C:\Program Files (x86)\SHARKOON Skiller 2016-08-27 18:01 - 2013-10-15 15:55 - 00031232 _____ ( ) C:\WINDOWS\system32\Drivers\GameKB.sys 2016-08-27 18:00 - 2016-08-27 18:00 - 00000000 ____D C:\Users\ryuse\Downloads\sw_config_skiller_10554 2016-08-27 17:59 - 2016-08-27 17:59 - 34922387 _____ C:\Users\ryuse\Downloads\sw_config_skiller_10554.zip 2016-08-26 17:17 - 2016-08-27 06:06 - 00000134 _____ C:\Users\ryuse\Desktop\SizePlay.txt 2016-08-26 07:16 - 2016-08-29 06:15 - 00000544 _____ C:\Users\ryuse\Desktop\MagiaclGirlKaru2.txt 2016-08-25 18:41 - 2016-08-25 18:41 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Highresolution Enterprises 2016-08-25 18:41 - 2016-08-25 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises 2016-08-25 18:41 - 2016-08-25 18:41 - 00000000 ____D C:\Program Files\Highresolution Enterprises 2016-08-25 18:40 - 2016-08-25 18:41 - 02768472 _____ C:\Users\ryuse\Downloads\XMouseButtonControlSetup.2.13.1.exe 2016-08-25 16:52 - 2016-08-25 16:52 - 00000000 ____D C:\Users\ryuse\Downloads\blender-2.77a-windows64 2016-08-25 15:42 - 2016-08-25 15:42 - 00012935 _____ C:\Users\ryuse\Downloads\invoiceto.me (3).pdf 2016-08-25 06:16 - 2016-08-25 06:16 - 00067940 _____ C:\Users\ryuse\Downloads\backissuesbb_ot.zip 2016-08-24 23:57 - 2016-08-24 23:57 - 107840769 _____ C:\Users\ryuse\Downloads\blender-2.77a-windows64.zip 2016-08-24 18:50 - 2016-08-24 18:53 - 00000000 ____D C:\Users\ryuse\Desktop\USB Centon 2016-08-24 18:27 - 2016-08-24 18:55 - 00000000 ____D C:\Users\ryuse\Desktop\SS 2016-08-24 17:49 - 2016-09-09 21:11 - 00000000 ____D C:\Users\ryuse\Desktop\Refs 2016-08-24 04:50 - 2016-08-24 04:50 - 00540945 _____ C:\Users\ryuse\Desktop\Logs1.html 2016-08-24 04:50 - 2016-08-24 04:50 - 00000000 ____D C:\Users\ryuse\Desktop\Logs1_files 2016-08-23 22:18 - 2016-08-29 23:46 - 00000000 ____D C:\Users\ryuse\Desktop\Telegram 2016-08-23 15:39 - 2016-08-23 15:39 - 00597304 _____ C:\Users\ryuse\Downloads\flux-setup.exe 2016-08-23 15:32 - 2016-08-05 23:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-08-23 15:32 - 2016-08-05 23:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-08-23 15:32 - 2016-08-05 23:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-08-23 15:32 - 2016-08-05 23:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-08-23 15:32 - 2016-08-05 23:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-08-23 15:32 - 2016-08-05 23:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-23 15:32 - 2016-08-05 23:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-08-23 15:32 - 2016-08-05 23:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-08-23 15:32 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-23 15:32 - 2016-08-05 23:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-08-23 15:32 - 2016-08-05 23:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-08-23 15:32 - 2016-08-05 23:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-08-23 15:32 - 2016-08-05 23:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-08-23 15:32 - 2016-08-05 23:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-23 15:32 - 2016-08-05 23:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-08-23 15:32 - 2016-08-05 23:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-08-23 15:32 - 2016-08-05 23:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-08-23 15:32 - 2016-08-05 22:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-08-23 15:32 - 2016-08-05 22:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-08-23 15:32 - 2016-08-05 22:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-08-23 15:32 - 2016-08-05 22:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-08-23 15:32 - 2016-08-05 22:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-08-23 15:32 - 2016-08-05 22:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-08-23 15:32 - 2016-08-05 22:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-08-23 15:32 - 2016-08-05 22:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-08-23 15:32 - 2016-08-05 22:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-08-23 15:32 - 2016-08-05 22:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-08-23 15:32 - 2016-08-05 22:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-08-23 15:32 - 2016-08-05 22:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-08-23 15:32 - 2016-08-05 22:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-08-23 15:32 - 2016-08-05 22:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-08-23 15:32 - 2016-08-05 22:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-08-23 15:32 - 2016-08-05 22:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-08-23 15:32 - 2016-08-05 22:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-08-23 15:32 - 2016-08-05 22:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-08-23 15:32 - 2016-08-05 22:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-08-23 15:32 - 2016-08-05 22:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-08-23 15:32 - 2016-08-05 22:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-08-23 15:32 - 2016-08-05 22:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-08-23 15:32 - 2016-08-05 22:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-23 15:32 - 2016-08-05 22:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-08-23 15:32 - 2016-08-05 22:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-08-23 15:32 - 2016-08-05 22:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-08-23 15:32 - 2016-08-05 22:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-08-23 15:32 - 2016-08-05 22:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-08-23 15:32 - 2016-08-05 22:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-08-23 15:32 - 2016-08-05 22:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-08-23 15:32 - 2016-08-05 22:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-08-23 15:32 - 2016-08-05 22:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-08-23 15:32 - 2016-08-05 22:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-08-23 15:32 - 2016-08-05 22:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-08-23 15:32 - 2016-08-05 22:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-08-23 15:32 - 2016-08-05 22:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-23 15:32 - 2016-08-05 22:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-08-23 15:32 - 2016-08-05 22:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-08-23 15:32 - 2016-08-05 04:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-08-23 15:32 - 2016-08-05 04:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-08-23 15:32 - 2016-08-05 04:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-08-23 15:32 - 2016-08-05 03:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-08-23 15:32 - 2016-08-05 03:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-08-23 15:32 - 2016-08-05 03:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-08-23 15:32 - 2016-08-05 03:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-08-23 15:32 - 2016-08-05 03:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-08-23 15:32 - 2016-08-05 03:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-08-23 15:31 - 2016-08-05 23:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-08-23 15:31 - 2016-08-05 23:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-08-23 15:31 - 2016-08-05 22:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-08-23 15:31 - 2016-08-05 22:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-08-23 15:31 - 2016-08-05 22:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-08-23 15:31 - 2016-08-05 22:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-08-23 15:31 - 2016-08-05 22:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-08-23 15:31 - 2016-08-05 22:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-08-23 15:31 - 2016-08-05 22:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-08-23 15:31 - 2016-08-05 22:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-08-23 15:31 - 2016-08-05 22:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-08-23 15:31 - 2016-08-05 22:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-08-23 15:31 - 2016-08-05 22:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-08-23 15:31 - 2016-08-05 22:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-08-23 15:31 - 2016-08-05 22:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-08-23 15:31 - 2016-08-05 22:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-08-23 15:31 - 2016-08-05 22:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2016-08-23 15:31 - 2016-08-05 22:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-08-23 15:31 - 2016-08-05 22:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-08-23 15:31 - 2016-08-05 22:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-08-23 15:31 - 2016-08-05 22:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-08-23 15:31 - 2016-08-05 22:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-08-23 15:31 - 2016-08-05 22:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-08-23 15:31 - 2016-08-05 22:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-23 15:31 - 2016-08-05 22:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-08-23 15:31 - 2016-08-05 03:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-08-23 15:31 - 2016-08-05 03:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-08-23 15:10 - 2016-08-27 20:13 - 71701040 _____ (Droplr ) C:\Users\ryuse\Downloads\Droplr.3.2.1.exe 2016-08-22 21:29 - 2016-09-09 05:04 - 00000000 ____D C:\Users\ryuse\Downloads\SRI 2016-08-22 21:26 - 2016-08-22 21:26 - 00098656 _____ C:\Users\ryuse\Downloads\dblog.php.html 2016-08-22 06:52 - 2016-08-22 06:52 - 02390672 _____ C:\Users\ryuse\Downloads\Rainmeter-3.3.2.exe 2016-08-22 05:34 - 2016-08-22 05:38 - 02989431 _____ C:\Users\ryuse\Downloads\Star Wars - Clone Wars Order 66.pdf 2016-08-22 05:34 - 2016-08-22 05:38 - 02508464 _____ C:\Users\ryuse\Downloads\The Old Republic 2 - Decieved.pdf 2016-08-22 05:34 - 2016-08-22 05:35 - 04676320 _____ C:\Users\ryuse\Downloads\Star Wars - Kenobi.pdf 2016-08-22 05:34 - 2016-08-22 05:34 - 02751078 _____ C:\Users\ryuse\Downloads\Star Wars - Clone Wars 501st.pdf 2016-08-22 05:34 - 2016-08-22 05:34 - 01956311 _____ C:\Users\ryuse\Downloads\Star Wars - Clone Wars Triple Zero.pdf 2016-08-22 05:34 - 2016-08-22 05:34 - 01799146 _____ C:\Users\ryuse\Downloads\Star Wars Empire and Rebellion - Honor Among Thieves.pdf 2016-08-22 05:34 - 2016-08-22 05:34 - 01065770 _____ C:\Users\ryuse\Downloads\Star Wars - Winner Lose All.pdf 2016-08-22 05:33 - 2016-08-22 05:33 - 01470281 _____ C:\Users\ryuse\Downloads\MR 3 - The Death Cure.pdf 2016-08-22 05:30 - 2016-08-22 05:30 - 01682891 _____ C:\Users\ryuse\Downloads\Star Wars - Red Harvest.pdf 2016-08-22 05:29 - 2016-08-22 05:29 - 02989431 _____ C:\Users\ryuse\Downloads\Star Wars Clone Wars 4 - Order 66.pdf 2016-08-22 05:29 - 2016-08-22 05:29 - 02969328 _____ C:\Users\ryuse\Downloads\Star Wars Survivor's Quest.pdf 2016-08-22 05:29 - 2016-08-22 05:29 - 02203009 _____ C:\Users\ryuse\Downloads\MR 0.5 - The Kill Order.pdf 2016-08-22 05:29 - 2016-08-22 05:29 - 01705033 _____ C:\Users\ryuse\Downloads\MR 1 - The Maze Runner.pdf 2016-08-22 05:29 - 2016-08-22 05:29 - 01612797 _____ C:\Users\ryuse\Downloads\Star Wars - Clone Wars 1 Hard Contact.pdf 2016-08-22 05:29 - 2016-08-22 05:29 - 01519800 _____ C:\Users\ryuse\Downloads\Star Wars - Scourge.pdf 2016-08-22 05:29 - 2016-08-22 05:29 - 00482460 _____ C:\Users\ryuse\Downloads\star_wars_the_force_unleashed_2_by_sean_williams.pdf 2016-08-22 05:28 - 2016-08-22 05:29 - 02727924 _____ C:\Users\ryuse\Downloads\Star Wars - Clone Wars True Colors.pdf 2016-08-22 05:28 - 2016-08-22 05:29 - 01559776 _____ C:\Users\ryuse\Downloads\MR 2 - The Scorch Trials.pdf 2016-08-22 05:24 - 2016-08-22 05:24 - 00000000 _____ C:\Users\ryuse\Downloads\The Clone Wars 02 - Wild Space.epub 2016-08-22 05:23 - 2016-08-22 05:23 - 00000000 _____ C:\Users\ryuse\Downloads\The Clone Wars 01 - The Clone Wars.epub 2016-08-22 05:23 - 2016-08-22 05:23 - 00000000 _____ C:\Users\ryuse\Downloads\Shadows of Mindor.epub 2016-08-22 05:23 - 2016-08-22 05:23 - 00000000 _____ C:\Users\ryuse\Downloads\Red Harvest.epub 2016-08-22 05:23 - 2016-08-22 05:23 - 00000000 _____ C:\Users\ryuse\Downloads\Dawn of the Jedi_ Into the Void.epub 2016-08-22 05:23 - 2016-08-22 05:23 - 00000000 _____ C:\Users\ryuse\Downloads\Darth Bane 02 - Rule of Two.epub 2016-08-22 05:22 - 2016-08-22 05:22 - 00000000 _____ C:\Users\ryuse\Downloads\Maze Runner 1 - The Maze Runner.epub 2016-08-22 05:22 - 2016-08-22 05:22 - 00000000 _____ C:\Users\ryuse\Downloads\Episode III 02 - Revenge of the Sit.epub 2016-08-22 05:22 - 2016-08-22 05:22 - 00000000 _____ C:\Users\ryuse\Downloads\Episode III 01 - Labyrinth of Evil.epub 2016-08-22 05:21 - 2016-08-22 05:21 - 02753480 _____ C:\Users\ryuse\Downloads\The Old Republic 02 - Deceived.epub 2016-08-22 05:21 - 2016-08-22 05:21 - 02153271 _____ C:\Users\ryuse\Downloads\The Clone Wars 03 - No Prisoners.epub 2016-08-22 05:21 - 2016-08-22 05:21 - 00736307 _____ C:\Users\ryuse\Downloads\The Old Republic 01 - Revan.epub 2016-08-22 05:21 - 2016-08-22 05:21 - 00274397 _____ C:\Users\ryuse\Downloads\The Wrath of Darth Maul.epub 2016-08-22 05:20 - 2016-08-22 05:21 - 03397352 _____ C:\Users\ryuse\Downloads\Episode III 00 - The Dark Lord Tril.epub 2016-08-22 05:18 - 2016-08-22 05:18 - 00429428 _____ C:\Users\ryuse\Downloads\Death Star (Michael Reaves and Steve Per - Unknown.epub 2016-08-22 05:18 - 2016-08-22 05:18 - 00380664 _____ C:\Users\ryuse\Downloads\Darth Bane - Path of Destruction (Drew Karpyshyn).epub 2016-08-22 05:18 - 2016-08-22 05:18 - 00342394 _____ C:\Users\ryuse\Downloads\Darth Bane - Rule of Two (Drew Karpyshyn).epub 2016-08-22 05:12 - 2016-08-22 05:12 - 01691390 _____ C:\Users\ryuse\Downloads\Star Wars - Star Lost.pdf 2016-08-22 05:11 - 2016-08-22 05:11 - 02442361 _____ C:\Users\ryuse\Downloads\Star Wars Battlefront - Twilight Company.pdf 2016-08-22 05:11 - 2016-08-22 05:11 - 01522686 _____ C:\Users\ryuse\Downloads\Star Wars - The Force Awakens.pdf 2016-08-22 05:11 - 2016-08-22 05:11 - 01020413 _____ C:\Users\ryuse\Downloads\A New Dawn_ Star Wars - John Jackson Miller.epub 2016-08-22 05:10 - 2016-08-22 05:10 - 03344196 _____ C:\Users\ryuse\Downloads\Aftermath Star Wars Journey to the Force Awakens.epub 2016-08-22 05:10 - 2016-08-22 05:10 - 01684673 _____ C:\Users\ryuse\Downloads\Christie Golden - Dark Disciple - Star Wars.epub 2016-08-22 05:10 - 2016-08-22 05:10 - 01473004 _____ C:\Users\ryuse\Downloads\Honor Among Thieves - Star Wars (Empire and Rebellion) - James S.A. Corey.epub 2016-08-22 05:10 - 2016-08-22 05:10 - 00886605 _____ C:\Users\ryuse\Downloads\Bloodline (Star Wars) - Claudia Gray.epub 2016-08-22 05:10 - 2016-08-22 05:10 - 00492943 _____ C:\Users\ryuse\Downloads\Paul S. Kemp - Lords of the Sith - Star Wars(ARC).epub 2016-08-22 05:09 - 2016-08-22 05:09 - 02766457 _____ C:\Users\ryuse\Downloads\Tarkin - James Luceno.epub 2016-08-22 05:09 - 2016-08-22 05:09 - 02661454 _____ C:\Users\ryuse\Downloads\Star Wars - Heir to the Jedi.epub 2016-08-22 04:31 - 2016-08-22 04:31 - 01136684 _____ C:\Users\ryuse\Downloads\Harry Potter and the Cursed Child.epub 2016-08-22 04:25 - 2016-08-22 04:25 - 02853416 _____ C:\Users\ryuse\Downloads\Heroes of Olympus 04 - The House of Hades.epub 2016-08-22 04:25 - 2016-08-22 04:25 - 01225114 _____ C:\Users\ryuse\Downloads\Heroes of Olympus 02 - The Son of Neptune.epub 2016-08-22 04:25 - 2016-08-22 04:25 - 01078996 _____ C:\Users\ryuse\Downloads\Heroes of Olympus 01- The Lost Hero.epub 2016-08-22 04:25 - 2016-08-22 04:25 - 00524097 _____ C:\Users\ryuse\Downloads\BL2 - The Golden Lily.epub 2016-08-22 04:25 - 2016-08-22 04:25 - 00484709 _____ C:\Users\ryuse\Downloads\01 The Lightning Thief.epub 2016-08-22 04:24 - 2016-08-22 04:24 - 00335155 _____ C:\Users\ryuse\Downloads\VA1 - Vampire Academy.epub 2016-08-22 04:23 - 2016-08-22 04:23 - 00431223 _____ C:\Users\ryuse\Downloads\02 The Sea of Monsters.epub 2016-08-22 04:23 - 2016-08-22 04:23 - 00408961 _____ C:\Users\ryuse\Downloads\VA5 - Spirit Bound.epub 2016-08-22 04:23 - 2016-08-22 04:23 - 00379941 _____ C:\Users\ryuse\Downloads\VA3 - Shadow Kiss.epub 2016-08-22 04:23 - 2016-08-22 04:23 - 00363390 _____ C:\Users\ryuse\Downloads\VA2 - Frostbite.epub 2016-08-22 04:23 - 2016-08-22 04:23 - 00361693 _____ C:\Users\ryuse\Downloads\VA4 - Blood promise.epub 2016-08-22 04:22 - 2016-08-22 04:23 - 01608757 _____ C:\Users\ryuse\Downloads\BL4 - The Fiery Heart.epub 2016-08-22 04:22 - 2016-08-22 04:23 - 01192703 _____ C:\Users\ryuse\Downloads\Heroes of Olympus 05 - The Blood of Olympus - Rick Riordan .epub 2016-08-22 04:22 - 2016-08-22 04:22 - 04030868 _____ C:\Users\ryuse\Downloads\04 The Demigod Files.epub 2016-08-22 04:22 - 2016-08-22 04:22 - 00899252 _____ C:\Users\ryuse\Downloads\03 The Demigod Diaries.epub 2016-08-22 04:22 - 2016-08-22 04:22 - 00665675 _____ C:\Users\ryuse\Downloads\BL5 - Silver Shadows - Richelle Mead.epub 2016-08-22 04:22 - 2016-08-22 04:22 - 00492010 _____ C:\Users\ryuse\Downloads\05 The Last Olympian.epub 2016-08-22 04:22 - 2016-08-22 04:22 - 00448929 _____ C:\Users\ryuse\Downloads\03 The Titan's Curse.epub 2016-08-22 04:22 - 2016-08-22 04:22 - 00349849 _____ C:\Users\ryuse\Downloads\BL1 - Bloodlines.epub 2016-08-22 04:22 - 2016-08-22 04:22 - 00344116 _____ C:\Users\ryuse\Downloads\04 The Battle of the Labyrinth.epub 2016-08-22 04:21 - 2016-08-22 04:28 - 00640887 _____ C:\Users\ryuse\Downloads\Kevin Hearne - [Iron Druid Chronicles 02 - Hexed.epub 2016-08-22 04:21 - 2016-08-22 04:22 - 02438625 _____ C:\Users\ryuse\Downloads\Kevin Hearne - [Iron Druid Chronicles 04] - Tricked (retail) (epub).epub 2016-08-22 04:21 - 2016-08-22 04:22 - 02384530 _____ C:\Users\ryuse\Downloads\Kevin Hearne - [Iron Druid Chronicles 03] - Hammered (bonus ss A Test of Mettle) (epub).epub 2016-08-22 04:21 - 2016-08-22 04:22 - 02012036 _____ C:\Users\ryuse\Downloads\Kevin Hearne - [Iron Druid Chronicles 01] - Hounded (v5.0) (epub).epub 2016-08-22 04:21 - 2016-08-22 04:21 - 02065330 _____ C:\Users\ryuse\Downloads\Kevin Hearne - [Iron Druid Chronicles 05] - Trapped (epub).epub 2016-08-22 04:21 - 2016-08-22 04:21 - 01103079 _____ C:\Users\ryuse\Downloads\Kevin Hearne - [Iron Druid Chronicles 06] - Hunted (epub).epub 2016-08-20 20:05 - 2016-08-20 20:05 - 09678848 _____ C:\Users\ryuse\Desktop\Colourtests.sai 2016-08-20 19:45 - 2016-08-20 19:45 - 03829760 _____ C:\Users\ryuse\Desktop\keiske.sai 2016-08-20 19:45 - 2016-08-20 19:45 - 01536000 _____ C:\Users\ryuse\Desktop\New CanvasSketchs.sai 2016-08-20 18:31 - 2016-08-20 18:31 - 00254498 _____ C:\Users\ryuse\Downloads\-img-files-menu-1-0-1002-file2.pdf 2016-08-20 18:22 - 2016-08-20 18:22 - 00702126 _____ C:\Users\ryuse\Downloads\-img-files-menu-1-0-1003-file1.pdf 2016-08-20 18:18 - 2016-08-20 18:18 - 00702126 _____ C:\Users\ryuse\Downloads\-img-files-menu-1-0-1002-file1.pdf 2016-08-20 17:21 - 2016-08-20 17:21 - 00724992 _____ C:\Users\ryuse\Desktop\CoolPose.sai 2016-08-20 00:15 - 2016-08-20 01:29 - 34172928 _____ C:\Users\ryuse\Downloads\GrueKP.sai 2016-08-19 16:52 - 2016-08-19 16:52 - 00000000 ____D C:\Users\ryuse\AppData\Local\Logitech 2016-08-19 16:52 - 2016-08-19 16:52 - 00000000 ____D C:\ProgramData\LogiShrd 2016-08-19 16:51 - 2016-08-29 15:13 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys 2016-08-19 16:51 - 2016-08-19 16:52 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2016-08-19 16:51 - 2016-08-19 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2016-08-19 16:49 - 2016-08-19 16:49 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Logitech 2016-08-19 16:49 - 2016-08-19 16:49 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Logishrd 2016-08-19 16:46 - 2016-08-19 16:49 - 123519248 _____ (Logitech Inc.) C:\Users\ryuse\Downloads\LGS_8.84.15_x64_Logitech.exe 2016-08-19 16:46 - 2016-08-19 16:46 - 01164056 _____ (Logitech Inc.) C:\Users\ryuse\Downloads\G602Flash.exe 2016-08-19 15:37 - 2016-08-19 15:37 - 00000000 ____D C:\Users\Default\AppData\Local\Google 2016-08-19 15:37 - 2016-08-19 15:37 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 2016-08-17 15:59 - 2016-08-17 15:59 - 00000688 _____ C:\Users\ryuse\Desktop\Dreamagain.txt 2016-08-16 13:59 - 2016-08-16 13:59 - 00012934 _____ C:\Users\ryuse\Downloads\invoiceto.me (2).pdf 2016-08-16 10:58 - 2016-08-16 10:58 - 00247236 _____ C:\Users\ryuse\Downloads\onedrivets.diagcab 2016-08-16 10:53 - 2016-08-16 10:53 - 00645729 _____ (WDS Team) C:\Users\ryuse\Downloads\windirstat1_1_2_setup.exe 2016-08-16 10:53 - 2016-08-16 10:53 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat 2016-08-16 10:53 - 2016-08-16 10:53 - 00000000 ____D C:\Program Files (x86)\WinDirStat 2016-08-15 22:08 - 2016-08-15 22:08 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-14 17:17 - 2016-07-25 22:32 - 00000000 ____D C:\PaintToolSAI 2016-09-14 17:03 - 2016-08-14 16:56 - 00000000 ___DC C:\WINDOWS\Panther 2016-09-14 17:03 - 2016-07-27 00:14 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-14 17:03 - 2016-07-26 20:32 - 00000000 ____D C:\Users\ryuse\AppData\Local\CrashDumps 2016-09-14 17:03 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF 2016-09-14 16:35 - 2016-08-14 13:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-09-14 15:45 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-14 15:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-14 15:11 - 2016-07-25 21:21 - 01111296 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-14 15:08 - 2016-07-28 01:02 - 00000000 ___RD C:\Users\ryuse\Dropbox 2016-09-14 15:08 - 2016-07-28 00:59 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-09-14 15:07 - 2016-07-30 14:05 - 00000000 ___RD C:\Users\ryuse\Google Drive 2016-09-14 15:07 - 2016-07-26 19:25 - 00000000 ____D C:\Users\ryuse\AppData\Local\Adobe 2016-09-14 15:07 - 2016-07-25 21:50 - 00000000 ____D C:\Program Files (x86)\Trillian 2016-09-14 15:07 - 2016-07-25 21:19 - 00000000 ___RD C:\Users\ryuse\OneDrive 2016-09-14 15:06 - 2016-04-27 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-14 15:05 - 2016-08-14 14:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-14 15:05 - 2016-08-14 13:58 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-14 15:05 - 2016-08-14 13:57 - 04908200 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-14 06:14 - 2016-07-16 01:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-14 06:13 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-09-14 06:13 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-09-14 06:13 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-09-14 06:12 - 2016-08-14 13:59 - 00000000 ____D C:\Users\ryuse 2016-09-14 06:10 - 2016-07-27 20:23 - 00000000 ____D C:\Users\ryuse\Desktop\Hatchlings 2016-09-13 23:38 - 2016-07-26 06:20 - 00000000 ____D C:\Users\ryuse\Desktop\Scans 2016-09-13 19:44 - 2016-07-25 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-13 19:44 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-13 19:37 - 2016-07-25 21:26 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-09-13 16:09 - 2016-07-27 01:24 - 00687616 ___SH C:\Users\ryuse\Desktop\Thumbs.db 2016-09-13 15:34 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-13 06:48 - 2016-07-25 22:06 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\obs-studio 2016-09-13 03:58 - 2016-07-28 20:38 - 00000000 ____D C:\Users\ryuse\AppData\Local\Nox 2016-09-13 03:43 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-13 03:42 - 2016-07-30 05:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-09-13 03:31 - 2016-07-25 22:01 - 00000000 ____D C:\Users\ryuse\.android 2016-09-13 03:30 - 2016-07-28 21:36 - 00000000 ____D C:\Users\ryuse\vmlogs 2016-09-13 03:30 - 2016-07-28 20:39 - 00000000 ____D C:\Users\ryuse\.BigNox 2016-09-12 22:38 - 2016-08-01 22:50 - 00001456 _____ C:\Users\ryuse\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-09-10 07:04 - 2016-08-14 04:29 - 00000000 ____D C:\Users\ryuse\Desktop\DS BG 2016-09-09 21:14 - 2016-07-27 16:26 - 00857600 ___SH C:\Users\ryuse\Downloads\Thumbs.db 2016-09-08 18:21 - 2016-07-26 21:29 - 00000000 ____D C:\Users\ryuse\AppData\LocalLow\Adobe 2016-09-07 11:32 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-07 11:32 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-07 06:03 - 2016-08-04 14:18 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Skype 2016-09-07 01:54 - 2016-07-26 05:59 - 00000000 ____D C:\Users\ryuse\Desktop\Kei Arts 2016-09-06 06:20 - 2016-07-25 21:38 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-06 06:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-09-05 20:33 - 2016-07-25 21:18 - 00000000 ____D C:\Users\ryuse\AppData\Local\Packages 2016-09-02 16:27 - 2016-07-26 19:30 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-09-02 16:27 - 2016-07-25 21:18 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Adobe 2016-09-02 16:25 - 2016-07-26 19:37 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2016-09-02 16:21 - 2016-07-26 19:30 - 00000000 ____D C:\ProgramData\Adobe 2016-09-02 16:16 - 2016-07-26 19:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-09-01 07:57 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2016-09-01 07:57 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-01 07:57 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-08-31 20:20 - 2016-07-16 06:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2016-08-31 20:20 - 2016-07-16 06:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-08-31 20:20 - 2016-07-16 06:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-08-31 20:20 - 2016-07-16 06:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2016-08-31 15:15 - 2016-08-09 01:10 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Downloaded Installations 2016-08-28 19:38 - 2016-07-27 13:09 - 00000000 ____D C:\Users\ryuse\AppData\Local\ElevatedDiagnostics 2016-08-27 20:13 - 2016-08-11 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Droplr 2016-08-27 20:13 - 2016-08-11 06:08 - 00000000 ____D C:\Program Files\Droplr 2016-08-27 18:01 - 2016-07-26 12:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-25 15:36 - 2016-07-25 21:50 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\discord 2016-08-24 20:53 - 2016-07-25 21:51 - 00000000 ____D C:\Users\ryuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2016-08-24 20:53 - 2016-07-25 21:50 - 00000000 ____D C:\Users\ryuse\AppData\Local\Discord 2016-08-22 21:31 - 2016-07-25 21:57 - 00000000 ____D C:\Users\ryuse\AppData\Local\Mozilla 2016-08-22 21:24 - 2016-07-25 21:56 - 00000000 ____D C:\Users\ryuse\AppData\LocalLow\LastPass 2016-08-22 05:34 - 2016-08-09 19:43 - 00000000 ____D C:\Users\ryuse\Downloads\Board for Planet Mobius Chat (Project JJ)_files 2016-08-22 05:29 - 2016-08-09 19:43 - 00000000 ____D C:\Users\ryuse\Downloads\Board for Planet Mobius Chat (Project JJ)2_files 2016-08-20 06:28 - 2016-08-14 07:05 - 00000883 _____ C:\Users\ryuse\Desktop\MagicalGirlKaru.txt 2016-08-19 15:39 - 2016-07-30 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-08-15 22:08 - 2016-07-25 21:19 - 00002408 _____ C:\Users\ryuse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-15 13:54 - 2016-08-14 14:05 - 00000000 ____D C:\Users\ryuse\AppData\Local\ConnectedDevicesPlatform 2016-08-15 03:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\appcompat 2016-08-15 03:00 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy ==================== Files in the root of some directories ======= 2016-07-25 21:56 - 2016-07-25 21:56 - 21857816 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2016-08-01 22:50 - 2016-09-12 22:38 - 0001456 _____ () C:\Users\ryuse\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-08-14 13:58 - 2016-08-14 13:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-06 15:59 ==================== End of FRST.txt ============================ --- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016 Ran by ryuse (14-09-2016 17:34:49) Running from C:\Users\ryuse\Downloads Windows 10 Pro Version 1607 (X64) (2016-08-14 19:05:30) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-549413429-2965258956-636684776-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-549413429-2965258956-636684776-503 - Limited - Disabled) Guest (S-1-5-21-549413429-2965258956-636684776-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-549413429-2965258956-636684776-1003 - Limited - Enabled) ryuse (S-1-5-21-549413429-2965258956-636684776-1001 - Administrator - Enabled) => C:\Users\ryuse ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Animate CC 2015.2 (HKLM-x32\...\FLPR_15_2_1) (Version: 15.2 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_4_0) (Version: 10.4.0 - Adobe Systems Incorporated) Ansel (Version: 368.81 - NVIDIA Corporation) Hidden Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation) Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform) CLIP STUDIO PAINT 1.5.4 (HKLM-x32\...\{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.5.4 - CELSYS) Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project) Corsair Gaming Headset Software (HKLM-x32\...\{88ADDCAA-6591-4D41-A7F1-2F38B7B049BB}) (Version: 2.0.37 - Corsair) CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Discord (HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.) Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION Dropbox (HKLM-x32\...\Dropbox) (Version: 10.4.25 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden Droplr for Windows (HKLM\...\{910F803C-E7A2-4CFB-B516-07E57B459333}_is1) (Version: 3.2.1 - Droplr) Epic Games Launcher (HKLM-x32\...\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}) (Version: 1.1.78.0 - Epic Games, Inc.) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden Logitech Gaming Software 8.84 (HKLM\...\Logitech Gaming Software) (Version: 8.84.15 - Logitech Inc.) M3 RAW Drive Recovery version 5.6 (HKLM-x32\...\{F354E53A-879C-4F1B-9D4A-DB8A6B986F46}}_is1) (Version: 5.6 - M3 Data Recovery) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MediBang Paint Pro 9.0 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 9.0 - Medibang) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2055 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon) Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro) Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.0.0 - Duodian Technology Co. Ltd.) NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2055 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2055 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2055 - Microsoft Corporation) Hidden PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - ) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7855 - Realtek Semiconductor Corp.) Rogue Legacy (HKLM\...\Steam App 241600) (Version: - Cellar Door Games) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 4.0.7.318301 - Linden Research, Inc.) SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - ) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25521 - Microsoft) Hidden Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version: - Nicalis, Inc.) Tiled (HKLM\...\{372625FD-5A01-4302-9DB1-6898D9946BF5}) (Version: 0.17.0 - mapeditor.org) Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC) TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation) VS Update core components (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden vs_update3notification (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.) WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WinDirStat 1.1.2 (HKU\S-1-5-21-549413429-2965258956-636684776-1001\...\WinDirStat) (Version: - ) Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation) WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH) X-Mouse Button Control 2.13.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.13.1 - Highresolution Enterprises) ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-549413429-2965258956-636684776-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F79CA32A4066}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-549413429-2965258956-636684776-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ryuse\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-549413429-2965258956-636684776-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2974C26F-715A-47C2-90A1-3A7E3739171A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.) Task: {3008B23B-5960-4C60-8BB0-D1A5E8C1082F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-01] (Microsoft Corporation) Task: {3047B161-8024-41A9-BC47-D7C4F5B4AA7D} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation) Task: {4258EED7-21E0-4154-8CD8-96192D67CF23} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd) Task: {48FE2A5D-9EAF-4CAE-97F3-F68330BEE9D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-09-01] (Microsoft Corporation) Task: {6BEEC4FC-F3E3-4F26-A68D-E596C5A6478A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.) Task: {74E6A02D-1798-4417-8AB5-BECF4332EE48} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-01] (Microsoft Corporation) Task: {961E51E8-979A-4F05-9507-B6776AE86EED} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-28] (Dropbox, Inc.) Task: {C0731D70-6222-4845-AFD6-1C2F5E9CB9E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {C37F90DC-9DF3-4E33-BCB3-A1C85A632B3D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-28] (Dropbox, Inc.) Task: {C52BD7D8-7771-47FB-890E-8093FE3E1FFA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ryuse\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-15] (Microsoft Corporation) Task: {E77C7BBA-DDC2-409C-9F99-F2CE8139F704} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ryuseiki_k@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-13 19:35 - 2016-09-07 00:44 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-08-14 13:58 - 2016-07-10 17:58 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-09-13 19:35 - 2016-09-07 00:44 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2016-07-30 05:17 - 2016-09-13 03:41 - 08921792 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-09-13 19:35 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-09-13 19:35 - 2016-09-06 23:57 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-09-13 19:34 - 2016-09-06 23:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-09-13 19:36 - 2016-09-06 23:35 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-09-13 19:36 - 2016-09-06 23:35 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-09-13 19:35 - 2016-09-06 23:35 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-09-13 19:34 - 2016-09-06 23:40 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-07-25 22:00 - 2016-03-21 15:28 - 01357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2016-08-03 13:06 - 2016-08-03 13:06 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2016-08-03 13:06 - 2016-08-03 13:06 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2016-05-22 19:32 - 2016-05-22 19:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2016-01-06 11:41 - 2016-01-06 11:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll 2016-08-08 16:44 - 2016-08-02 18:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-08 16:44 - 2016-08-02 18:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll 2016-07-25 21:38 - 2016-06-14 15:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-08-15 22:07 - 2016-08-15 22:07 - 01383616 _____ () C:\Users\ryuse\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-15 22:07 - 2016-08-15 22:07 - 00118976 _____ () C:\Users\ryuse\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2016-08-24 20:52 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\ryuse\AppData\Local\Discord\app-0.0.296\ffmpeg.dll 2016-08-25 15:36 - 2016-08-25 15:36 - 01050296 _____ () \\?\C:\Users\ryuse\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node 2016-08-25 15:36 - 2016-08-25 15:36 - 03793080 _____ () \\?\C:\Users\ryuse\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll 2016-08-25 15:36 - 2016-08-25 15:36 - 00894136 _____ () \\?\C:\Users\ryuse\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node 2016-08-25 15:36 - 2016-08-25 15:36 - 01119416 _____ () \\?\C:\Users\ryuse\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node 2016-08-24 20:52 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\ryuse\AppData\Local\Discord\app-0.0.296\libglesv2.dll 2016-08-24 20:52 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\ryuse\AppData\Local\Discord\app-0.0.296\libegl.dll 2016-07-27 00:15 - 2016-08-08 18:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-07-27 00:14 - 2015-07-01 17:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-07-27 00:15 - 2016-08-23 14:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll 2016-07-27 00:14 - 2015-07-01 17:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-07-27 00:14 - 2015-07-01 17:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-07-27 00:14 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-07-27 00:14 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-07-27 00:14 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-07-27 00:14 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-07-27 00:14 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-07-27 00:14 - 2016-08-23 14:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-07-27 00:14 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-09-14 15:07 - 2016-09-14 15:07 - 00170496 _____ () \\?\C:\Users\ryuse\AppData\Local\Temp\59FD.tmp.node 2016-09-02 15:34 - 2016-09-09 15:43 - 02022072 _____ () \\?\C:\Users\ryuse\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node 2016-08-11 06:08 - 2016-05-16 15:41 - 00995840 _____ () C:\Program Files\Droplr\CefSharp.Core.dll 2016-08-11 06:08 - 2016-05-16 15:42 - 45069312 _____ () C:\Program Files\Droplr\libcef.dll 2016-09-14 15:07 - 2016-09-14 15:07 - 00098816 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32api.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00110080 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\pywintypes27.dll 2016-09-14 15:07 - 2016-09-14 15:07 - 00364544 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\pythoncom27.dll 2016-09-14 15:07 - 2016-09-14 15:07 - 00320512 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32com.shell.shell.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00776704 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_hashlib.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 01176576 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._core_.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00806400 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._gdi_.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00816128 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._windows_.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 01067008 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._controls_.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00733184 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._misc_.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00682496 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\pysqlite2._sqlite.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00088064 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_ctypes.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00119808 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32file.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00108544 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32security.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00007168 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\hashobjs_ext.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00017920 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\thumbnails_ext.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00088064 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\usb_ext.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00012800 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\common.time34.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00018432 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32event.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00167936 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32gui.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00046080 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_socket.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 01208320 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_ssl.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00128512 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_elementtree.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00127488 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\pyexpat.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00038912 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32inet.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00036864 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_psutil_windows.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00525208 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\windows._lib_cacheinvalidation.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00011264 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32crypt.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00077312 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._html2.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00027136 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_multiprocessing.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00020480 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\_yappi.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00035840 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32process.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00686080 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\unicodedata.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00078848 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._animate.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00123392 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\wx._wizard.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00024064 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32pipe.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00010240 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\select.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00025600 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32pdh.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00017408 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32profile.pyd 2016-09-14 15:07 - 2016-09-14 15:07 - 00022528 ____R () C:\Users\ryuse\AppData\Local\Temp\_MEI84642\win32ts.pyd 2016-08-11 06:08 - 2016-05-16 15:41 - 00613888 _____ () C:\Program Files\Droplr\CefSharp.BrowserSubprocess.Core.dll 2016-08-11 06:08 - 2016-05-16 15:42 - 01643008 _____ () C:\Program Files\Droplr\libglesv2.dll 2016-08-11 06:08 - 2016-05-16 15:42 - 00074752 _____ () C:\Program Files\Droplr\libegl.dll 2016-08-24 08:45 - 2016-08-24 08:45 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2016-07-27 00:14 - 2016-08-04 15:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\trillian.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00003584 _____ () c:\program files (x86)\trillian\languages\en\toolkit.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\events.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00010752 _____ () c:\program files (x86)\trillian\languages\en\buddy.dll 2015-05-27 02:00 - 2015-05-27 02:00 - 00007168 _____ () c:\program files (x86)\trillian\languages\en\talk.dll 2016-06-08 00:10 - 2016-06-08 00:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node 2016-06-08 00:10 - 2016-06-08 00:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2016-06-08 00:10 - 2016-06-08 00:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node 2016-06-08 00:10 - 2016-06-08 00:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node 2016-08-24 08:24 - 2016-08-24 08:24 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll 2016-06-08 00:10 - 2016-06-08 00:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node 2016-08-08 22:29 - 2016-08-08 22:29 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node 2016-08-08 22:30 - 2016-08-08 22:30 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node 2016-08-08 22:31 - 2016-08-08 22:31 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node 2016-08-08 22:31 - 2016-08-08 22:31 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2016-08-24 08:17 - 2016-08-24 08:17 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll 2016-08-08 22:30 - 2016-08-08 22:30 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node 2016-08-08 22:29 - 2016-08-08 22:29 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node 2016-07-28 01:00 - 2016-08-23 23:43 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-09-14 15:08 - 2016-08-23 23:43 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-09-14 15:08 - 2016-08-23 23:43 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-09-14 15:08 - 2016-08-23 23:43 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-07-28 01:00 - 2016-08-23 23:43 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-07-28 01:00 - 2016-08-23 23:43 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-07-28 01:00 - 2016-08-23 23:43 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-07-28 01:00 - 2016-08-23 23:43 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-05 13:44 - 2016-09-12 08:11 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-09-14 15:08 - 2016-08-23 23:43 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-09-14 15:08 - 2016-08-23 23:45 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-08-05 13:44 - 2016-09-12 08:11 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-07-28 01:00 - 2016-08-23 23:43 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-08-05 13:44 - 2016-08-23 23:44 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-09-14 15:08 - 2016-08-23 23:41 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-09-14 15:08 - 2016-09-12 08:11 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-09-14 15:08 - 2016-09-12 08:05 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-09-14 15:08 - 2016-09-12 08:11 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-09-14 15:08 - 2016-09-12 08:11 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-07-28 01:00 - 2016-08-23 23:43 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-08-05 13:44 - 2016-09-12 08:11 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-07-28 01:00 - 2016-09-12 08:11 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-07-28 01:00 - 2016-08-23 23:45 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-08-05 13:44 - 2016-09-12 08:11 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2016-09-14 15:08 - 2016-09-12 08:11 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\ryuse\Desktop\work.zip:com.dropbox.attributes [168] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2016-07-26 19:25 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-549413429-2965258956-636684776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ryuse\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{AB5D92CA-F74D-49C8-8F79-36908B1AD237}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{FBC13C4B-27D5-47BC-840E-B70BBBA90281}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{C873BAE7-1238-4726-A2D0-E7444AEEC261}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{A02E3963-E295-462A-B695-32F9A9ABE3FB}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe FirewallRules: [{E6933BD1-5D9C-4928-AD87-CAFDD695BCFE}] => (Allow) C:\Users\ryuse\AppData\Roaming\Nox\bin\Nox.exe FirewallRules: [{BDD19BC1-DE34-45F3-B1EF-BBA9F2179329}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F142B099-B594-4854-9DD8-B7A5C4068CEB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{17981629-9225-442C-BA5E-05E6B45045D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5B3B9AE1-5C83-43C4-B74A-DFE59BDCFF0D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{59A78E95-6785-4A78-B23A-F861D6F8B5AA}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Bridge CS5\bridgeproxy.exe FirewallRules: [{C930A557-B377-452F-8A8B-799AC10361C4}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Bridge CS5\Bridge.exe FirewallRules: [{FA12E82F-36F3-42E2-AC50-489B946B6CAE}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Bridge CS5\bridgeproxy.exe FirewallRules: [{71D532CD-8F21-4B57-A1C2-C323201808DC}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Bridge CS5\Bridge.exe FirewallRules: [{A351DE2D-B734-444A-AF30-8D40ACA24870}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe FirewallRules: [{4361AEDB-B842-40E1-8C2F-603A1891B94D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe FirewallRules: [{8D0DE530-40C1-4222-8F9A-D954A3640E29}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Flash CS5\Flash.exe FirewallRules: [{CF8889BD-19B9-47D8-A737-708C3B266A73}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Flash CS5\Flash.exe FirewallRules: [{ED036B8C-4E14-4442-B4DB-ECCA766E6BF4}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe FirewallRules: [{6E7864AC-12E8-4A59-A8C7-FF654B667251}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe FirewallRules: [{411A4AA0-8F37-4F41-AB9F-E3CB389AFD46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2FA69C3E-9489-4BA0-BD6B-C84483F21456}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{81D48983-E373-48E2-BD34-25ABBBF30233}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{89FBD8C5-34D9-462D-B1DA-15F25317FB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{69B99489-A811-488E-9319-AF1D7C33F5C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{C28A070C-77A4-4690-8841-92B2A49D9933}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{AC547FD4-86BB-436E-AABE-F5B86CACC052}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{BB442170-E02E-4FEC-84EC-2D7E59D9E09E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{66815AB0-E861-44D8-8164-72A48D9D0292}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [TCP Query User{07389A70-F421-48E7-A4F2-1AB78CA6EF7F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{44EDA649-78FC-42BF-9723-3D82382BAA77}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{5AF71A23-D6D1-4B76-8501-7333E13A0D48}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe FirewallRules: [UDP Query User{10B2834B-007F-4479-8375-BFE4AF77D1F9}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe FirewallRules: [TCP Query User{47047DCD-CF09-4A50-B55D-4BADCA842112}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{B24A344E-4510-40D3-B019-80C4FF470E93}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{4D16A1FE-7E4F-480E-A5B3-C7EA69669326}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{947B9A02-2FD3-4401-AA12-111CC5F4E499}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{7DC8EB9C-453A-434E-AC9D-E3502CFE5C83}C:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe FirewallRules: [UDP Query User{A0BD58A9-6F57-4EC6-A8CA-86155D6F9343}C:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe FirewallRules: [TCP Query User{8B4212F1-1AC9-4282-BA83-115801EAF556}C:\program files (x86)\epic games\4.12\engine\binaries\dotnet\swarmagent.exe] => (Block) C:\program files (x86)\epic games\4.12\engine\binaries\dotnet\swarmagent.exe FirewallRules: [UDP Query User{EE57FA27-75EE-4B0B-BE29-D995AF4F69EA}C:\program files (x86)\epic games\4.12\engine\binaries\dotnet\swarmagent.exe] => (Block) C:\program files (x86)\epic games\4.12\engine\binaries\dotnet\swarmagent.exe FirewallRules: [TCP Query User{9CB2C581-66C3-4C61-B450-F6E23A67072D}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [UDP Query User{F4B0FA4F-27ED-4BCD-9D9A-CB41CF7955A3}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [{73E6E139-2AD6-42C2-919F-CAAAAE107D61}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\ZBrush64.exe FirewallRules: [{BF937E89-AC99-47C9-B688-C6511AFB907B}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\ZBrush.exe FirewallRules: [{93374BD6-DEC2-4A12-A09B-DA6A43A1DF54}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\ZUpgrader.exe FirewallRules: [{0BFD6CEB-D0D5-4A85-8410-693103A13110}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\Pixologic Deactivation Manager.exe FirewallRules: [{ECF1EFB3-9EAF-4083-BD3F-6183AA9023AD}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\ZBrush64.exe FirewallRules: [{4E071206-1858-41B4-A541-9AB35D952DB3}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\ZUpgrader.exe FirewallRules: [{D3224C2E-8B73-410A-8436-ADEF829E0274}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\ZBrush.exe FirewallRules: [{4F16A2A5-B8BB-41EE-8847-44044942FDDF}] => (Block) %ProgramFiles% (x86)\Pixologic\ZBrush 4R7\Pixologic Deactivation Manager.exe FirewallRules: [{4D26F164-2271-4A12-B09A-48B799F9DBF5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{83BA12B7-A2FD-4039-974A-020678803005}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe FirewallRules: [{834B23D2-12EE-43B9-8247-BA8C46F0B96C}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe FirewallRules: [{05197E29-23C7-4F05-A9A8-F93900493A38}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [TCP Query User{08933509-2404-4FEE-84DD-58F7EE3939A0}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe FirewallRules: [UDP Query User{87CADA51-3696-4CB3-9E08-051CA219FA92}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe FirewallRules: [TCP Query User{A74576C0-C247-4EB7-84B8-D12A0923A7EC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{762C3204-0801-4D6B-9518-E91FD36D8260}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{B1B26526-9E54-4F64-93B7-737A431C3255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe FirewallRules: [{0946F243-DB0A-4845-9373-73E582729EBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe FirewallRules: [{BE9A52B0-139D-4217-BDE1-3853C65F14C4}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 27-08-2016 18:00:36 Installed SHARKOON Skiller 31-08-2016 15:16:04 Installed Nitro Reader 5 06-09-2016 05:43:18 Windows Modules Installer 13-09-2016 19:33:59 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/14/2016 05:35:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 05:16:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 05:16:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 05:05:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 05:05:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 04:56:20 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest. Error: (09/14/2016 04:42:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 04:40:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 04:35:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/14/2016 04:35:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1GGCVMD) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (09/14/2016 03:08:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: Incorrect function. Error: (09/14/2016 03:08:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: Incorrect function. Error: (09/14/2016 03:06:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/14/2016 03:05:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The luafv service failed to start due to the following error: This driver has been blocked from loading Error: (09/13/2016 03:31:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/13/2016 03:43:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/13/2016 03:43:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error: (09/12/2016 02:09:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/11/2016 03:50:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/11/2016 06:46:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. CodeIntegrity: =================================== Date: 2016-08-15 20:28:57.457 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:28:57.455 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:28:57.453 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:28:57.451 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:28:57.375 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7600.16385_none_9016c096ac966f13\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:28:57.374 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7600.16385_none_9016c096ac966f13\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:28:57.372 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7600.16385_none_9016c096ac966f13\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:28:57.370 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7600.16385_none_9016c096ac966f13\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:25:23.394 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-15 20:25:23.393 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X6 1090T Processor Percentage of memory in use: 51% Total physical RAM: 8191.18 MB Available physical RAM: 3958.89 MB Total Virtual: 17919.18 MB Available Virtual: 12031.02 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.4 GB) (Free:105.26 GB) NTFS Drive d: (TerryBite) (Fixed) (Total:931.51 GB) (Free:144.45 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (TOURO) (Fixed) (Total:3726.01 GB) (Free:2696.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5CCD708C) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3F4DF7A2) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2. ==================== End of Addition.txt ============================ --- Thank you for all your help! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 17, 2016 Root Admin ID:1062321 Share Posted September 17, 2016 Hello @Karuand Please read the following and post back the logs when ready and we'll see about getting you cleaned up. Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed, please print out these instructions. Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large, then you can use attachments by clicking on the More Reply Options button. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable, it is unlikely, but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. You can check here if you're not sure if your computer is 32-bit or 64-bit Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. When we are done, I'll give you instructions on how to clean up all the tools and logs Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. Your topic will be closed if you haven't replied within 3 days (If I have not responded within 24 hours, please send me a Private Message as a reminder) STEP 01RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running. As RKill only terminates a program's running process and does not delete any files, after running it, you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill, you should immediately scan your computer using the requested scans I've included. Please download Rkill by Grinler from one of the links below and save it to your desktop.Link 1 | Link 2 On Windows XP Double-click on the Rkill desktop icon to run the tool. On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator A black DOS box will briefly flash and then disappear, this is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. If the tool does not run from any of the links provided, please let me know. Do not reboot the computer; you will need to run the application again. STEP 02Backup the Registry:Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so. Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. Start ERUNT either by double-clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable. Make sure that at least the first two check boxes are selected. Click on OK Then click on YES to create the folder. Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe STEP 03 Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following:MBAM Clean Removal Process 2x When reinstalling the program, please try the latest version. Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware. Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply. Link to post Share on other sites More sharing options...
Karu Posted September 18, 2016 Author ID:1062450 Share Posted September 18, 2016 Okay. Scanned and this is the log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/17/2016 Scan Time: 8:03 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.09.18.01 Rootkit Database: v2016.08.15.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: ryuse Scan Type: Threat Scan Result: Completed Objects Scanned: 346181 Time Elapsed: 19 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 19, 2016 Root Admin ID:1062590 Share Posted September 19, 2016 Please restart the computer first and then run the following steps and post back the logs when ready.STEP 04 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 05 Let's clean out any adware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Double click on AdwCleaner.exe to run the tool.Vista / Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed. Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look at the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up, click the Clean button. After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore. STEP 06 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 07 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Link to post Share on other sites More sharing options...
Karu Posted September 19, 2016 Author ID:1062762 Share Posted September 19, 2016 I'm on step 5 . Before I clean, here are the logs I got so far. ADW found something in Chrome, unsure if I should remove that as it came up a "Secure Preferences" .Attached is also what I believe may be the culprit.. it was blocked before it could redirect. JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 10 Pro x64 Ran by ryuse (Administrator) on Mon 09/19/2016 at 16:30:10.47 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\Users\ryuse\AppData\Roaming\Mozilla\Firefox\Profiles\yquj36dj.default\user.js (File) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_03DCC2075AA3EDC6B53EB588755C9451 (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 09/19/2016 at 16:31:54.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ADW Cleaner: # AdwCleaner v6.020 - Logfile created 19/09/2016 at 16:40:30 # Updated on 14/09/2016 by ToolsLib # Database : 2016-09-19.1 [Server] # Operating System : Windows 10 Pro (X64) # Username : ryuse - DESKTOP-1GGCVMD # Running from : C:\Users\ryuse\Downloads\AdwCleaner(1).exe # Mode: Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** [!] [cknghehebaconkajgiobncfleofebcog] [extensionSecure Preferences ] not deleted: ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [2773 Bytes] - [16/09/2016 05:11:56] C:\AdwCleaner\AdwCleaner[C2].txt - [899 Bytes] - [19/09/2016 16:40:30] C:\AdwCleaner\AdwCleaner[S0].txt - [2465 Bytes] - [14/09/2016 18:38:11] C:\AdwCleaner\AdwCleaner[S1].txt - [2690 Bytes] - [16/09/2016 05:02:23] C:\AdwCleaner\AdwCleaner[S2].txt - [1441 Bytes] - [19/09/2016 16:36:37] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1190 Bytes] ########## Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 19, 2016 Root Admin ID:1062783 Share Posted September 19, 2016 Yes, would appear to be a bad Chrome extension. Not all items from Chrome can be removed automatically, and you'll need to reset Chrome on your own to ensure it's full removal. I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome. You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed. Then I need you to go to >> Google Sync << and sign into your account. Scroll down until you see the “reset sync” button and click on the button At the prompt click on “Ok”. .Reset Your Browser Settings . In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines) Select “Settings”. At the bottom, click “Show advanced settings…” Scroll down until you see “Reset settings”, Then click on the button “Reset Settings”. In the dialog that appears, click “Reset”. .Close Chrome and restart it and check it out please and let me know if that corrects it. Link to post Share on other sites More sharing options...
Karu Posted September 20, 2016 Author ID:1062788 Share Posted September 20, 2016 Alright. Doing all of the above it appears that, so far, I haven't gotten those links appearing on random words. So... so far so good! Thank you! Not sure what extension would have caused it. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 21, 2016 Root Admin ID:1063037 Share Posted September 21, 2016 Great, sometimes popups get clicked by accident or other tricks by advertisers, then they may install things. At this time there are no more signs of an infection on your system.However if you are still seeing any signs of an infection please let me know. Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time. They are often updated daily so if you went to use them again in the future they would be outdated anyways. The following procedures will implement some cleanup procedures to remove these tools. Download Delfix from here and save it to your desktop. (you may already have this) Ensure Remove disinfection tools is checked. Click the Run button. Reboot Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete) IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall. If there are any other left over Folders, Files, Logs then you can delete them on your own. Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.How to Delete System Protection Restore Points in Windows 7 and Windows 8 Remove all but the most recent Restore Point on Windows XP As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsersHow do I disable Java in my web browser? - Disable Java A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data. Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor. How Malware Spreads - How did I get infected Best Practices for Safe Computing - Prevention of Malware Infection Avoiding those unwanted free applications A close look at how Oracle installs deceptive software with Java updates IAC / Ask.com toolbars Malwarebytes Unpacked Blog If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection. Link to post Share on other sites More sharing options...
Recommended Posts