Jump to content

Can't run Malwarebytes Anti-Rootkit or TDSSKILLER

HashSlingingSlasher
 Share

Recommended Posts

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Aura

Aura

Posted
Posted

Hi HashSlingingSlasher :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

What happens exactly when you try to run MBAR?

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Alright, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
    KSJwAxg.png
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Link to post
Share on other sites
HashSlingingSlasher

HashSlingingSlasher

Posted
  • Author
Posted

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by Mark (administrator) on MARK-PC (11-10-2017 19:12:20)
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 10 Pro Version 1703 170317-1834 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\svmpghusvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
(Microvirt Software Technology Co. Ltd.) C:\Program Files\Microvirt\MEmu\MemuService.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Discord Inc.) C:\Users\Mark\AppData\Local\Discord\app-0.0.298\Discord.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Discord Inc.) C:\Users\Mark\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Discord Inc.) C:\Users\Mark\AppData\Local\Discord\app-0.0.298\Discord.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5845\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.9397\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.9397\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.9397\Battle.net Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Users\Mark\AppData\Local\sbbmxwh\sbbmxwh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microvirt Software Technology Co. Ltd.) C:\Program Files\Microvirt\MEmu\MEmu.exe
(Microvirt Corporation) C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe
() C:\Program Files\Microvirt\MEmuHyperv\MEmuHeadless.exe
() C:\Program Files\Microvirt\MEmu\adb.exe
() C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
() C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
() C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
() C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
() C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2015-08-07] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-07-28] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\Run: [Gaijin.Net Agent] => "C:\Users\Mark\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\Run: [Discord] => C:\Users\Mark\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\MountPoints2: {993468d5-3d43-11e5-9664-806e6f6e6963} - "E:\Install Navigator.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-31]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Mark\AppData\Local\Facebook\Games\FacebookGameroom.exe (No File)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2017-07-09]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0c5d9f69-b809-42e6-818e-b44446139237}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9ef393a5-d963-4d57-91fe-df96b3a6882a}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 96bdau7g.default
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\96bdau7g.default [2017-06-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3005113735-2392873494-3154320556-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2017-10-11]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-10-04]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (グランブルーファンタジー[ChromeApps版]) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf [2017-08-01]
CHR Extension: (The Godfather: Five Families) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl [2015-08-12]
CHR Extension: (Viramate) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpokpknehglcioijejfeebigdnbnokj [2017-10-10]
CHR Extension: (Kancolle Launcher) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiiimjljokaamhjooacjmdamnnblcjhc [2016-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [86992 2016-08-25] (American Megatrends Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-13] ()
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-19] (Apple Inc.)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2017-05-13] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [269480 2017-05-26] (Microvirt Software Technology Co. Ltd.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-21] (NVIDIA Corporation)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-06-16] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [178824 2017-06-16] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\WINDOWS\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 CorsairAudioFilter; C:\WINDOWS\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-09-28] (Disc Soft Ltd)
R1 DuoVMDrv; C:\WINDOWS\system32\DRIVERS\DuoVMDrv.sys [246720 2016-05-10] (American Megatrends Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-09-27] ()
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2017-05-02] (Echobit, LLC)
S3 FNETTBOH_305; C:\WINDOWS\System32\drivers\FNETTBOH_305.SYS [32320 2017-06-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [16648 2015-08-07] (FNet Co., Ltd.)
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [45024 2017-06-12] (IObit.com)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-07] (Malwarebytes)
R4 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-06] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-07] (Malwarebytes)
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
R1 MpKsl428e87a5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F1EB094-550D-4F30-AC0A-B1C5EC96A12A}\MpKsl428e87a5.sys [58120 2017-10-11] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-21] (NVIDIA Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 VASDeviceDrm; C:\WINDOWS\system32\drivers\vasdDev.sys [1994864 2015-12-15] (ShiningMorning Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2017-10-06] ()
S3 xhunter1; C:\WINDOWS\xhunter1.sys [38368 2017-07-14] (Wellbia.com Co., Ltd.)
S4 FixTDSS; system32\drivers\FixTDSS.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-11 19:12 - 2017-10-11 19:13 - 000024447 _____ C:\Users\Mark\Desktop\FRST.txt
2017-10-11 19:12 - 2017-10-11 19:12 - 000000000 ____D C:\FRST
2017-10-11 19:11 - 2017-10-11 19:11 - 002401792 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2017-10-11 10:01 - 2017-10-11 10:01 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Desktop\mbar-1.09.3.1001.exe
2017-10-11 09:57 - 2017-10-11 09:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-10-11 09:56 - 2017-10-11 09:57 - 002732544 _____ (Skillbrains ) C:\Users\Mark\Desktop\setup-lightshot.exe
2017-10-11 08:17 - 2017-10-11 08:17 - 000000000 ___HD C:\OneDriveTemp
2017-10-11 03:06 - 2017-10-11 03:07 - 224647008 _____ C:\Users\Mark\Desktop\720P_4000K_130007881.mp4
2017-10-11 03:06 - 2017-10-11 03:06 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Mark\Desktop\tdsskiller.exe
2017-10-11 03:05 - 2017-10-11 03:07 - 200044030 _____ C:\Users\Mark\Desktop\720P_4000K_129933201.mp4
2017-10-11 03:05 - 2017-10-11 03:06 - 239233531 _____ C:\Users\Mark\Desktop\720P_4000K_129933221.mp4
2017-10-11 03:05 - 2017-10-11 03:05 - 174317042 _____ C:\Users\Mark\Desktop\720P_4000K_127723531.mp4
2017-10-11 01:56 - 2017-10-11 01:56 - 000000000 ____D C:\Users\Mark\AppData\Local\tyranoscript
2017-10-11 01:49 - 2017-10-11 01:59 - 000000000 ____D C:\Users\Mark\Desktop\Life With A Slave -Teaching Feeling- Ver.1.9.2
2017-10-10 09:01 - 2017-10-10 09:01 - 000048640 _____ C:\Users\Mark\Desktop\Marvelous-SakuraFutaba-by-KatsuDansou.webp
2017-10-09 15:04 - 2017-10-09 15:04 - 000012632 _____ C:\Users\Mark\Downloads\(FF28) [CreSpirit (Waero)] ININ Renmei 2 - ININ League 2 (League of Legends) [English].torrent
2017-10-09 15:04 - 2017-10-09 15:04 - 000010139 _____ C:\Users\Mark\Downloads\[CreSpirit (Waero)] ININ Renmei (League of Legends) [English].torrent
2017-10-09 14:56 - 2017-10-09 15:03 - 000000000 ____D C:\Users\Mark\Desktop\LEAGUESADKLJASL
2017-10-09 11:07 - 2017-10-09 11:10 - 000000000 ____D C:\Users\Mark\Desktop\Play the Yufin
2017-10-08 09:47 - 2017-10-11 19:14 - 000000000 ____D C:\Users\Mark\AppData\Local\sbbmxwh
2017-10-08 08:33 - 2017-10-08 08:39 - 000000000 ____D C:\Users\Mark\Downloads\Iron Man 3 (2013) [1080p]
2017-10-08 08:33 - 2017-10-08 08:38 - 000000000 ____D C:\Users\Mark\Downloads\Iron Man 2 (2010) [1080p]
2017-10-08 08:33 - 2017-10-08 08:37 - 000000000 ____D C:\Users\Mark\Downloads\Iron Man [1080p]
2017-10-07 14:45 - 2017-10-07 14:45 - 000000000 ____D C:\Users\Mark\Downloads\Photoshop CS8 MAC OSX
2017-10-07 14:38 - 2017-10-07 14:39 - 000000000 ____D C:\Users\Mark\Downloads\Adobe Photoshop CS6 13.0 Final (English Japanese)  Mac Os X [ChingLiu]
2017-10-07 06:50 - 2017-10-07 06:50 - 000000000 ____D C:\ProgramData\CyberLink
2017-10-07 06:48 - 2017-10-07 06:48 - 000000000 ____D C:\ProgramData\Temp
2017-10-07 02:59 - 2017-10-07 02:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-10-07 02:55 - 2017-10-10 15:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-10-06 13:33 - 2017-10-06 13:33 - 000252232 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-06 13:32 - 2017-10-06 13:32 - 000094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2017-10-06 13:26 - 2017-10-06 13:31 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-10-06 12:40 - 2017-10-06 12:40 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBB04.tmp
2017-10-06 10:51 - 2017-10-06 10:51 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBDA3.tmp
2017-10-06 10:22 - 2017-10-06 10:22 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBD55.tmp
2017-10-06 10:11 - 2017-10-06 10:11 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETAAF6.tmp
2017-10-06 10:04 - 2017-10-06 10:04 - 000116560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raeeilor.sys
2017-10-06 10:02 - 2017-10-07 12:16 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-06 09:22 - 2017-10-07 12:16 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-06 08:36 - 2017-09-18 18:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-06 07:00 - 2017-10-06 07:00 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Mark\Downloads\explorer.exe.crdownload
2017-10-06 07:00 - 2017-10-06 07:00 - 004830473 _____ C:\Users\Mark\Downloads\tdsskiller (1).zip
2017-10-05 17:36 - 2017-10-05 17:36 - 011437984 _____ C:\Users\Mark\Downloads\NexonLauncherSetup.exe
2017-10-05 17:32 - 2017-10-05 17:34 - 016563304 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\mbar-1.09.2.1008 (2).exe
2017-10-05 17:30 - 2017-10-05 17:30 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 992976.crdownload
2017-10-05 17:30 - 2017-10-05 17:30 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 86992.crdownload
2017-10-05 17:30 - 2017-10-05 17:30 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 724742.crdownload
2017-10-05 17:30 - 2017-10-05 17:30 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 459721.crdownload
2017-10-05 17:29 - 2017-10-05 17:29 - 000000000 _____ C:\Users\Mark\Downloads\RogueKiller.exe
2017-10-05 17:20 - 2017-10-05 17:20 - 004830473 _____ C:\Users\Mark\Downloads\tdsskiller.zip
2017-10-05 17:20 - 2017-10-05 17:20 - 000000000 ____D C:\Users\Mark\Downloads\tdsskiller
2017-10-05 17:15 - 2017-10-05 17:15 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Downloads\tdsskiller.exe
2017-10-05 16:39 - 2017-10-05 16:47 - 000000000 ____D C:\Users\Mark\Downloads\[Higenamuchi] MISDIRECTION [Digital]
2017-10-05 16:39 - 2017-10-05 16:46 - 000000000 ____D C:\Users\Mark\Downloads\[Mikuni Mizuki] Akujo Kousatsu Wicked Woman Ch.1-3 [English] [Noraneko]
2017-10-05 16:39 - 2017-10-05 16:45 - 000000000 ____D C:\Users\Mark\Downloads\Sunao ni Narenai!
2017-10-05 16:39 - 2017-10-05 16:45 - 000000000 ____D C:\Users\Mark\Downloads\[Tachibana Yuu] Kimisen [Digital]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\[Suien] Imoype (COMIC Aun 2015-03) [English] [Dammon]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\[sorani] Gakuen no Ojou-sama ga Roshutsukyou no Dohentai datta Hanashi Ch 1-2 [English] [H-Konbini] [Digital]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\[Mikuni Mizuki] Akujo Kousatsu Ch.1 (COMIC Kairakuten BEAST 2016-01) [English] =CaunhTL=
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\[Edogawa Roman] Okasare Love Romance A censoreded Love Romance (COMIC Koh Vol. 5) [English] [Elixir974]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\[Anthology] Bessatsu Comic Unreal Joushiki ga Eroi Ijou na Sekai Vol 4 [English] {doujins com} [Digital]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(Tora Matsuri 2015) [orz (3u)] Erina-sama Tsukamaeta (Shokugeki no Soma) [English] [B.E.C. Scans]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(C89) [LOFLAT (Prime)] Erina-sama no Secret Recipe (Shokugeki no Soma)
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(C88) [MTSP (Jin)] Tosaka-ke no Kakei Jijou Soushuuhen Ch. 1 -4 & Ch. 6 (Fate stay night) [English] [Brolen]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(C87) [Sheepfold (Tachibana Yuu)] Watashi, Hero ni Naremasen deshita. I Did Not Become a Hero (Ore, Twintail ni Narimasu.) [English] [Doujin-Moe]
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(C87) [shakestyle (ShAKe)] Igarashi Yuzuha Choukyou Nisshi 1 Watashi... Yogorechaimashita Igarashi Yuzuha's Torture Diary 1 I... Have Been Soiled [English] {doujin-moe.us}
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(C86) [Zankirow (Onigirikun)] PILEEDGE LUSTNOIZ [Duo] (Love Live!) [English] {doujin-moe.us}
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(C85) [Kikurage-ya (Kikurage)] KOI+KAN❤4 [English] {KFC Translations}
2017-10-05 16:39 - 2017-10-05 16:44 - 000000000 ____D C:\Users\Mark\Downloads\(C84) [Sheepfold (Tachibana Yuu)] Yakuyou Seieki μ's Medicinal Semen μ's (Love Live!) [English] [doujin-moe.us]
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\[Spiritus Tarou] Kanchigai Sexcret (COMIC Toutetsu Vol.03) [English] =TV=
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\[SolopipB] Sexual Urge [English]
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\[Simon] Two of Us (COMIC Unreal 2013-08) [English] [biribiri]
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\[Kurokoshi You] Yuudachi A Sudden Evening Rain (JunMusu) [English] [Crystalium] [Digital] [Decensored]
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\(Douyara Deban no Youda! 8) [Fuzainoyamada (Fuzai Yumoto)] Ookami ni Goyoujin (Boku no Hero Academia)
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\(C90) [HitenKei (Hiten)] M.A.N.A [English] [Mikakunin]
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\(C88) [WIREFRAME (Yuuki Hagure)] Tamani wa Ore no Seishun Love Come mo Machigattatte Ii Janai. (Yahari Ore no Seishun Love Come wa Machigatteiru.) [English] {KFC Translations}
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\(C84) [STUDIO BIG-X (Arino Hiroshi)] MOUSOU THEATER 42 (Toaru Majutsu no Index) [English] [RKT]
2017-10-05 16:39 - 2017-10-05 16:43 - 000000000 ____D C:\Users\Mark\Downloads\(Bokura no Love Live! 15) [Erostellus (Miel)] Oatsui no ga Daisuki! We Like it Hot! (Love Live! Sunshine!!) [English] { u scanlations}
2017-10-05 16:39 - 2017-10-05 16:42 - 000000000 ____D C:\Users\Mark\Downloads\Crisis Teacher
2017-10-05 16:39 - 2017-10-05 16:42 - 000000000 ____D C:\Users\Mark\Downloads\[Spiritus Tarou] Hajirai Shoujo (COMIC Koh Vol 4) [Chinese] [最低限度漢化]
2017-10-05 16:39 - 2017-10-05 16:42 - 000000000 ____D C:\Users\Mark\Downloads\[Sheepfold (Tachibana Yuu)] Jewel Resort ni H na Keihin ga Tsuika Saremashita (Granblue Fantasy) [English] [ Based Anons] [Digital]
2017-10-05 16:39 - 2017-10-05 16:42 - 000000000 ____D C:\Users\Mark\Downloads\(COMIC1☆11) [Sheepfold (Tachibana Yuu)] Kono Subarashii Party ni mo Syukufuku o (Kono Subarashii Sekai ni Syukufuku o!)
2017-10-05 16:39 - 2017-10-05 16:42 - 000000000 ____D C:\Users\Mark\Downloads\(C90) [Colomonyu (Eromame)] Rezu Geso Gachi♥cchi - Kinoko Takenoko Kassen Super Lewd Lesbian Calamari - Mushrooms vs Bamboo Shoots (Splatoon) [English]
2017-10-05 16:39 - 2017-10-05 16:41 - 000000000 ____D C:\Users\Mark\Downloads\[Yuiga Naoha] Watashi Tobu made Okasarechau I'll Be Raped Until I More Than Orgasm Ch 1-3 [English] [Digital]
2017-10-05 16:39 - 2017-10-05 16:41 - 000000000 ____D C:\Users\Mark\Downloads\[Spiritus Tarou] Uwasa Rumor (COMIC Koh 2017-10) [English] =TLL + mrwayne= [Digital]
2017-10-05 16:39 - 2017-10-05 16:40 - 000000000 ____D C:\Users\Mark\Downloads\(C91) [Private Garden (Tsurusaki Takahiro)] Yuudachi wa Teitoku-san ga Daisukippoi! Yuudachi Loves Admiral-san Very Much, Poi! (Kantai Collection -KanColle-) [English] [Death Usagi]
2017-10-05 16:37 - 2017-10-05 16:39 - 000000000 ____D C:\Users\Mark\Downloads\[Tsuruta Bungaku] Hanahira Torori Ch. 1-6 [English] {QBtranslations}
2017-10-05 16:36 - 2017-10-05 16:36 - 000000000 ____D C:\Users\Mark\Downloads\[Simon] Gyouretsu no Dekiru Youkai Soudanjo (COMIC Unreal 2012-12) [English] [biribiri]
2017-10-05 16:35 - 2017-10-05 16:35 - 000000000 ____D C:\Users\Mark\Downloads\(C86) [Yusaritsukata (Awayume)] Teitoku no Koto nara Suzuya ni Omakase dayo If It's Anything Related to Admiral, Leave It to Suzuya (Kantai Collection -KanColle-) [English] {doujin-moe.us}
2017-10-05 16:33 - 2017-10-05 16:33 - 000080947 _____ C:\Users\Mark\Downloads\[Mikuni Mizuki] Akujo Kousatsu - Wicked Woman Ch.1-3 [English] [Noraneko] (1).torrent
2017-10-05 16:32 - 2017-10-05 16:32 - 000008368 _____ C:\Users\Mark\Downloads\(C85) [Kikurage-ya (Kikurage)] KOI+KAN❤4 [English] {KFC Translations}.torrent
2017-10-05 12:52 - 2017-10-05 12:55 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\mbar-1.09.3.1001 (6).exe
2017-10-05 12:52 - 2017-10-05 12:52 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 961029.crdownload
2017-10-05 12:52 - 2017-10-05 12:52 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 541993.crdownload
2017-10-05 12:52 - 2017-10-05 12:52 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 274457.crdownload
2017-10-05 12:51 - 2017-10-05 12:51 - 071089112 _____ (Malwarebytes ) C:\Users\Mark\Downloads\Unconfirmed 62015.crdownload
2017-10-05 12:51 - 2017-10-05 12:51 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 722650.crdownload
2017-10-05 12:51 - 2017-10-05 12:51 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 547757.crdownload
2017-10-05 12:51 - 2017-10-05 12:51 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\Unconfirmed 276572.crdownload
2017-10-05 09:27 - 2017-10-11 02:44 - 000000000 ____D C:\Users\Mark\AppData\Local\pwinrok
2017-10-05 09:16 - 2017-10-05 09:16 - 000000000 _____ C:\Users\Mark\AppData\Roaming\1.txt
2017-10-05 08:50 - 2017-10-05 08:50 - 000001443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-10-05 08:50 - 2017-10-05 08:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-10-05 08:49 - 2017-10-05 08:50 - 014582384 _____ (IObit ) C:\Users\Mark\Downloads\iobituninstaller (1).exe
2017-10-05 08:43 - 2017-10-05 08:43 - 000192952 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-05 08:42 - 2017-10-07 12:16 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-05 08:42 - 2017-10-05 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-05 08:42 - 2017-10-05 08:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-05 04:30 - 2017-10-05 04:30 - 000000000 _____ C:\D215.tmp
2017-10-05 04:09 - 2017-10-05 04:09 - 071089112 _____ (Malwarebytes ) C:\Users\Mark\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.207-1.0.2899.exe
2017-10-05 03:58 - 2017-10-05 03:58 - 000000000 ____D C:\WINDOWS\SysWOW64\sysfdkin
2017-10-05 03:56 - 2017-10-05 03:56 - 000000000 ____D C:\Users\Mark\AppData\Roaming\et
2017-10-05 03:54 - 2017-10-06 13:32 - 002800640 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\svmpghusvc.exe
2017-10-05 03:54 - 2017-10-05 03:54 - 000000000 ____D C:\WINDOWS\SysWOW64\atnrvum
2017-10-05 03:54 - 2017-10-05 03:54 - 000000000 ____D C:\WINDOWS\system32\atnrvum
2017-10-05 03:52 - 2017-10-05 03:53 - 014582384 _____ (IObit ) C:\Users\Mark\Downloads\iobituninstaller.exe
2017-10-05 03:50 - 2017-10-05 03:50 - 000000000 _____ C:\5FB3.tmp
2017-10-05 03:48 - 2017-10-05 03:48 - 000000000 _____ C:\161.tmp
2017-10-05 03:25 - 2017-10-05 03:25 - 000000000 ____D C:\Users\Mark\Downloads\[Fatalpulse (Asanagi)] VictimGirls 17 SOS -savage our souls- (Kantai Collection -KanColle-) [English] [2D-Market com] [Decensored] [Digital]
2017-10-05 03:24 - 2017-10-05 03:24 - 000015340 _____ C:\Users\Mark\Downloads\[Fatalpulse (Asanagi)] VictimGirls 17 SOS -savage our souls- (Kantai Collection -KanColle-) [English] [2D-Market.com] [Decensored] [Digital].torrent
2017-10-05 03:09 - 2017-10-05 03:09 - 003843775 _____ C:\Users\Mark\Downloads\[TSUMINO.COM] Kotegawa Molestor Train  古手川痴漢電車.zip
2017-10-05 03:08 - 2017-10-05 03:08 - 013567143 _____ C:\Users\Mark\Downloads\[TSUMINO.COM] Black² Train (FAKKU).zip
2017-10-05 00:50 - 2017-10-05 00:50 - 000081040 _____ C:\Users\Mark\Downloads\[Tsuruta Bungaku] Hanahira Torori Ch. 1-6 [English] {QBtranslations}.torrent
2017-10-05 00:44 - 2017-10-05 00:44 - 000020743 _____ C:\Users\Mark\Downloads\(Tora Matsuri 2015) [orz (3u)] Erina-sama Tsukamaeta (Shokugeki no Soma) [English] [B.E.C. Scans].torrent
2017-10-05 00:44 - 2017-10-05 00:44 - 000010802 _____ C:\Users\Mark\Downloads\[Simon] Gyouretsu no Dekiru Youkai Soudanjo (COMIC Unreal 2012-12 Vol. 40) [English] [biribiri] [Digital].torrent
2017-10-05 00:44 - 2017-10-05 00:44 - 000009974 _____ C:\Users\Mark\Downloads\(C86) [Yusaritsukata (Awayume)] Teitoku no Koto nara Suzuya ni Omakase dayo - If It's Anything Related to Admiral, Leave It to Suzuya (Kantai Collection -KanColle-) [English] {doujin-moe.us}.torrent
2017-10-05 00:38 - 2017-10-05 00:38 - 000000000 ____D C:\Users\Mark\Documents\DyingLight
2017-10-05 00:27 - 2017-10-05 00:27 - 000075292 _____ C:\Users\Mark\Downloads\[Mikuni Mizuki] Sunao ni Narenai! [English].torrent
2017-10-05 00:24 - 2017-10-05 00:24 - 000079857 _____ C:\Users\Mark\Downloads\[Higenamuchi] MISDIRECTION [Digital].torrent
2017-10-05 00:24 - 2017-10-05 00:24 - 000019167 _____ C:\Users\Mark\Downloads\(C86) [Zankirow (Onigirikun)] PILEEDGE LUSTNOIZ [Duo] (Love Live!) [English] {doujin-moe.us}.torrent
2017-10-05 00:24 - 2017-10-05 00:24 - 000007065 _____ C:\Users\Mark\Downloads\(C89) [LOFLAT (Prime)] Erina-sama no Secret Recipe (Shokugeki no Soma).torrent
2017-10-05 00:24 - 2017-10-05 00:24 - 000006247 _____ C:\Users\Mark\Downloads\(C91) [Private Garden (Tsurusaki Takahiro)] Yuudachi wa Teitoku-san ga Daisukippoi! - Yuudachi Loves Admiral-san Very Much, Poi! (Kantai Collection -KanColle-) [English] [Death Usagi].torrent
2017-10-05 00:23 - 2017-10-05 00:23 - 000007960 _____ C:\Users\Mark\Downloads\(COMIC1☆11) [Sheepfold (Tachibana Yuu)] Kono Subarashii Party ni mo Syukufuku o (Kono Subarashii Sekai ni Syukufuku o!).torrent
2017-10-05 00:23 - 2017-10-05 00:23 - 000006554 _____ C:\Users\Mark\Downloads\[Spiritus Tarou] Hajirai Shoujo (COMIC Koh Vol.4) [Chinese] [最低限度漢化].torrent
2017-10-05 00:22 - 2017-10-05 00:22 - 000064279 _____ C:\Users\Mark\Downloads\[Tachibana Yuu] Kimisen [Digital].torrent
2017-10-05 00:22 - 2017-10-05 00:22 - 000014425 _____ C:\Users\Mark\Downloads\(C84) [Sheepfold (Tachibana Yuu)] Yakuyou Seieki μ's - Medicinal Semen μ's (Love Live!) [English] [doujin-moe.us].torrent
2017-10-05 00:22 - 2017-10-05 00:22 - 000007437 _____ C:\Users\Mark\Downloads\(C87) [Sheepfold (Tachibana Yuu)] Watashi, Hero ni Naremasen deshita. - I Did Not Become a Hero (Ore, Twintail ni Narimasu.) [English] [Doujin-Moe].torrent
2017-10-05 00:22 - 2017-10-05 00:22 - 000004038 _____ C:\Users\Mark\Downloads\[Sheepfold (Tachibana Yuu)] Jewel Resort ni H na Keihin ga Tsuika Saremashita (Granblue Fantasy) [English] [#Based Anons] [Digital].torrent
2017-10-05 00:11 - 2017-10-05 00:11 - 000010283 _____ C:\Users\Mark\Downloads\[Simon] Two of Us (COMIC Unreal 2013-08) [English] [biribiri].torrent
2017-10-04 23:19 - 2017-10-04 23:19 - 000080947 _____ C:\Users\Mark\Downloads\[Mikuni Mizuki] Akujo Kousatsu - Wicked Woman Ch.1-3 [English] [Noraneko].torrent
2017-10-04 23:19 - 2017-10-04 23:19 - 000010481 _____ C:\Users\Mark\Downloads\[Kurokoshi You] Yuudachi - A Sudden Evening Rain (JunMusu) [English] [Crystalium] [Digital] [Decensored].torrent
2017-10-04 23:19 - 2017-10-04 23:19 - 000006194 _____ C:\Users\Mark\Downloads\[Spiritus Tarou] Uwasa - Rumor (COMIC Koh 2017-10) [English] =TLL + mrwayne= [Digital].torrent
2017-10-04 23:18 - 2017-10-04 23:18 - 000018646 _____ C:\Users\Mark\Downloads\[Anthology] Bessatsu Comic Unreal Joushiki ga Eroi Ijou na Sekai Vol. 4 [English] {doujins.com} [Digital].torrent
2017-10-04 23:18 - 2017-10-04 23:18 - 000014054 _____ C:\Users\Mark\Downloads\[Edogawa Roman] Okasare Love Romance - A censoreded Love Romance (COMIC Koh Vol. 5) [English] [Elixir974].torrent
2017-10-04 23:18 - 2017-10-04 23:18 - 000014052 _____ C:\Users\Mark\Downloads\(C84) [STUDIO BIG-X (Arino Hiroshi)] MOUSOU THEATER 42 (Toaru Majutsu no Index) [English] [RKT].torrent
2017-10-04 23:18 - 2017-10-04 23:18 - 000007947 _____ C:\Users\Mark\Downloads\[Suien] Imoype (COMIC Aun 2015-03) [English] [Dammon].torrent
2017-10-04 23:17 - 2017-10-04 23:17 - 000017710 _____ C:\Users\Mark\Downloads\[sorani] Gakuen no Ojou-sama ga Roshutsukyou no Dohentai datta Hanashi Ch. 1-2 [English] [H-Konbini] [Digital].torrent
2017-10-04 23:17 - 2017-10-04 23:17 - 000014331 _____ C:\Users\Mark\Downloads\[Yuiga Naoha] Watashi Tobu made Okasarechau... - I'll Be Raped Until I More Than Orgasm Ch. 1-3 [English] [Digital].torrent
2017-10-04 23:17 - 2017-10-04 23:17 - 000006579 _____ C:\Users\Mark\Downloads\[Spiritus Tarou] Kanchigai - Sexcret (Comic Toutetsu 2015-02 Vol. 3) [English] =TV=.torrent
2017-10-04 23:16 - 2017-10-04 23:16 - 000010904 _____ C:\Users\Mark\Downloads\[Mikuni Mizuki] Akujo Kousatsu Ch.1 (COMIC Kairakuten BEAST 2016-01) [English] =CaunhTL=.torrent
2017-10-04 23:16 - 2017-10-04 23:16 - 000004789 _____ C:\Users\Mark\Downloads\(C88) [WIREFRAME (Yuuki Hagure)] Tamani wa Ore no Seishun Love Come mo Machigattatte Ii Janai. (Yahari Ore no Seishun Love Come wa Machigatteiru.) [English] {KFC Translations}.torrent
2017-10-04 23:15 - 2017-10-04 23:15 - 000008846 _____ C:\Users\Mark\Downloads\(C87) [shakestyle (ShAKe)] Igarashi Yuzuha Choukyou Nisshi 1 Watashi... Yogorechaimashita - Igarashi Yuzuha's Torture Diary 1 I... Have Been Soiled [English] {doujin-moe.us}.torrent
2017-10-04 23:15 - 2017-10-04 23:15 - 000007510 _____ C:\Users\Mark\Downloads\(C90) [HitenKei (Hiten)] M.A.N.A [English] [Mikakunin].torrent
2017-10-04 21:36 - 2017-10-04 21:36 - 000009230 _____ C:\Users\Mark\Downloads\(C90) [Colomonyu (Eromame)] Rezu Geso Gachi♥cchi - Kinoko Takenoko Kassen - Super Lewd Lesbian Calamari - Mushrooms vs Bamboo Shoots (Splatoon) [English].torrent
2017-10-04 09:11 - 2017-10-04 09:11 - 000003640 _____ C:\Users\Mark\Downloads\[Ban!] Crisis Teacher (COMIC X-EROS #24) [English] =LewdWaniBootleggers=.torrent
2017-10-03 23:07 - 2017-10-03 23:07 - 000007430 _____ C:\Users\Mark\Downloads\(Bokura no Love Live! 15) [Erostellus (Miel)] Oatsui no ga Daisuki! - We Like it Hot! (Love Live! Sunshine!!) [English].torrent
2017-10-03 07:40 - 2017-10-03 07:40 - 000000000 ____D C:\Users\Mark\Downloads\[Public Pickups] Katia (Tourist Attraction)
2017-10-03 06:30 - 2017-10-03 06:30 - 000000000 ____D C:\Users\Mark\Downloads\Public.Pickups.3.XXX.DVDRip.x264-XCiTE
2017-10-03 05:53 - 2017-10-03 06:14 - 000000000 ____D C:\Users\Mark\Downloads\Spider-Man.Homecoming.2017.1080p.BluRay.x264-SPARKS[rarbg]
2017-10-03 05:50 - 2017-10-03 05:50 - 000101921 _____ C:\Users\Mark\Downloads\Spider-Man.Homecoming.2017.1080p.BluRay.x264-SPARKS-[rarbg.to].torrent
2017-10-03 05:44 - 2017-10-03 08:54 - 425949183 _____ C:\Users\Mark\Downloads\{Public PickUps - Mofos} Alana Moon - Amateur Euro Blondes Sextape   .....(23 October 2016).........P4U.......mp4
2017-10-03 05:42 - 2017-10-03 05:48 - 000000000 ____D C:\Users\Mark\Downloads\Public Pickups #15 (NEW 2015 Mofos) [Split Scenes] WEB-DL
2017-10-03 05:41 - 2017-10-08 08:33 - 000000000 ____D C:\Users\Mark\Downloads\Public Pickups
2017-10-03 05:40 - 2017-10-03 05:40 - 000000000 ____D C:\Users\Mark\Downloads\Public.Pickups.17
2017-10-03 05:06 - 2017-10-03 05:09 - 000000000 ____D C:\Users\Mark\Downloads\Public Pickups #16 (NEW 2015 Mofos) [Split Scenes] WEB-DL
2017-10-03 05:05 - 2017-10-03 06:52 - 000000000 ____D C:\Users\Mark\Downloads\My Pickup Girls - Yuki (Hot Anal censored In A Public Toilet)
2017-10-03 05:05 - 2017-10-03 05:09 - 000000000 ____D C:\Users\Mark\Downloads\Public Pickups 14 (NEW 2015 Mofos) [Split Scenes] WEB-DL
2017-10-03 05:00 - 2017-10-03 05:28 - 250260539 _____ C:\Users\Mark\Desktop\ff-1c4826563f59fac882ce41e00350d5e6,59d4a79b,cd3cb12_480.mp4
2017-10-03 05:00 - 2017-10-03 05:11 - 000000000 ____D C:\Users\Mark\Downloads\Public Pickups 18 - Mofos 2016 WEB-DL SPLIT SCENES MP4-RARBG
2017-10-03 04:58 - 2017-10-03 05:00 - 490905253 _____ C:\Users\Mark\Downloads\Public PickUps - Suzy Rainbow (Hungarian Hottie Pounded Outdoors).mp4
2017-10-03 04:57 - 2017-10-03 05:10 - 2391551328 _____ C:\Users\Mark\Downloads\Public_Pickups_19.mp4
2017-10-03 04:49 - 2017-10-03 04:53 - 035318885 _____ C:\Users\Mark\Downloads\f48361c76ee768ee641abf093f0034011366316803.mp4-480-270-300-f48361c76ee768ee641abf093f0034011366316803.mp4
2017-10-03 00:27 - 2017-10-03 00:27 - 000005794 _____ C:\Users\Mark\Downloads\(Douyara Deban no Youda! 8) [Fuzainoyamada (Fuzai Yumoto)] Ookami ni Goyoujin (Boku no Hero Academia).torrent
2017-10-02 15:28 - 2017-10-02 15:28 - 000092640 _____ (X5R0N0) C:\WINDOWS\system32\Drivers\14f8e71c5bebc40d367bb8e027cd5ee4.sys
2017-10-02 15:28 - 2017-10-02 15:28 - 000051616 _____ C:\WINDOWS\uninstaller.dat
2017-10-02 14:45 - 2017-10-02 14:45 - 000006098 _____ C:\Users\Mark\Downloads\[SolopipB] Sexual Urge [English].torrent
2017-10-02 09:31 - 2017-10-02 09:31 - 002339296 _____ (Rainmeter) C:\Users\Mark\Downloads\Rainmeter-4.1-r2917-beta.exe
2017-10-02 09:31 - 2017-10-02 09:31 - 002253848 _____ (Rainmeter) C:\Users\Mark\Downloads\Rainmeter-4.0.exe
2017-10-02 09:18 - 2017-10-02 09:18 - 000000000 ____D C:\Users\Mark\AppData\Local\MasqVox
2017-10-02 09:17 - 2017-10-02 09:19 - 018130080 _____ (caramagic ) C:\Users\Mark\Downloads\masqvox.exe
2017-10-02 09:17 - 2015-12-15 14:40 - 001994864 _____ (ShiningMorning Inc.) C:\WINDOWS\system32\Drivers\vasdDev.sys
2017-10-02 08:14 - 2017-10-02 08:14 - 000031108 _____ C:\Users\Mark\Downloads\(C88) [MTSP (Jin)] Tosaka-ke no Kakei Jijou Soushuuhen Ch. 1 -4 & Ch. 6 (Fate-stay night) [English] [Brolen].torrent
2017-10-01 23:00 - 2017-10-01 23:01 - 798699779 _____ C:\Users\Mark\Downloads\FEFatesUSA_Undub.7z
2017-10-01 22:59 - 2017-10-01 22:59 - 000908469 _____ C:\Users\Mark\Downloads\FE_Fates_USA_NameChangePatch.7z
2017-10-01 22:59 - 2017-10-01 22:59 - 000005603 _____ C:\Users\Mark\Downloads\FEFatesUSA_RestoreSwimsuits.zip
2017-10-01 22:31 - 2017-10-01 22:31 - 005009561 _____ C:\Users\Mark\Downloads\starter.zip
2017-10-01 02:06 - 2017-10-01 02:22 - 067739638 _____ C:\Users\Mark\Downloads\50ca44500bf83-320-240-344-h264.mp4
2017-09-26 05:01 - 2017-09-26 05:01 - 195085569 _____ C:\Users\Mark\Downloads\1080P_4000K_130006881.mp4
2017-09-26 05:01 - 2017-09-26 05:01 - 018361725 _____ C:\Users\Mark\Downloads\480P_2000K_129701761.mp4
2017-09-25 04:23 - 2017-09-25 04:23 - 284598969 _____ C:\Users\Mark\Downloads\Toriko no Kusari 2.mp4
2017-09-24 02:20 - 2017-09-24 02:24 - 000000000 ____D C:\Users\Mark\Downloads\Gekijouban Sword Art Online - Ordinal Scale (2017) [720p]
2017-09-22 12:06 - 2017-09-24 01:53 - 000000000 ____D C:\Users\Mark\Downloads\Bishoujo Mangekyou -Katsute Shoujo Datta Kimi e-
2017-09-22 11:59 - 2017-09-22 11:59 - 009955137 _____ C:\Users\Mark\Downloads\views_0421m.zip
2017-09-22 03:09 - 2017-09-22 03:09 - 015028431 _____ C:\Users\Mark\Downloads\Active♥Passive.zip
2017-09-21 21:49 - 2017-09-21 21:49 - 049972607 _____ C:\Users\Mark\Downloads\Pac-man Ghosts animation by minus8.mp4
2017-09-21 21:49 - 2017-09-21 21:49 - 001217060 _____ C:\Users\Mark\Desktop\giphy.webp
2017-09-21 05:57 - 2017-09-22 11:57 - 000000000 ____D C:\Users\Mark\Downloads\BrutalPickups.E03.Holly.Hendrix.XXX.1080p.MP4-KTR[rarbg]
2017-09-21 05:51 - 2017-09-24 03:54 - 000000000 ____D C:\Users\Mark\Downloads\BrutalPickups.E02.Sabrina.Banks.XXX.1080p.MP4-KTR[rarbg]
2017-09-21 05:43 - 2017-09-24 02:27 - 000000000 ____D C:\Users\Mark\Downloads\BrutalPickups.E11.Lilly.Sapphire.XXX.1080p.MP4-KTR[rarbg]
2017-09-21 05:41 - 2017-09-21 05:43 - 000000000 ____D C:\Users\Mark\Downloads\Fetish Network - Helpless Teens SiteRip 9 Videos - NR
2017-09-21 01:02 - 2017-09-21 01:02 - 039493801 _____ C:\Users\Mark\Downloads\Natsuiro Tsubame - Summer-Colored Tsubame.zip
2017-09-18 21:42 - 2017-10-05 09:24 - 000000000 ____D C:\ProgramData\Origin
2017-09-18 21:42 - 2017-09-18 21:42 - 000000000 ____D C:\Users\Mark\.Origin
2017-09-18 12:27 - 2017-09-18 12:27 - 000000000 ____D C:\Users\Mark\Downloads\[Sheepfold (Tachibana Yuu)] Sange Suru Chitsujo no Kishi (Granblue Fantasy) [English] {doujins com} [Digital]
2017-09-18 12:27 - 2017-09-18 12:27 - 000000000 ____D C:\Users\Mark\Downloads\[Aoki Kanji] Doukyuusei no Wakai Haha My Classmate's Young Mom (Web Manga Bangaichi Vol 1) [English] [fraudia + Amalthea]
2017-09-18 12:27 - 2017-09-18 12:27 - 000000000 ____D C:\Users\Mark\Downloads\(SC65) [Ninokoya (Ninoko)] MAKI HOLE (Love Live!) [English] {doujins com}
2017-09-17 02:44 - 2017-09-17 02:44 - 000000000 ____D C:\Users\Mark\Downloads\Ma.ga.ochiru.yoru
2017-09-17 02:44 - 2017-09-17 02:44 - 000000000 ____D C:\Users\Mark\Downloads\(Hentai) Bible Black Series (mega)
2017-09-17 02:43 - 2017-09-17 02:43 - 000000000 ____D C:\Users\Mark\Desktop\愛なきバケモノハンター~負ければ触手に犯される~
2017-09-17 01:38 - 2017-09-17 01:38 - 000001165 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5.lnk
2017-09-17 01:26 - 2017-09-17 01:26 - 000001059 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-09-17 01:25 - 2017-09-17 01:37 - 000000000 ____D C:\Users\Mark\AppData\Local\osu!
2017-09-17 01:12 - 2017-09-17 01:21 - 581254853 _____ C:\Users\Mark\Desktop\(同人ゲーム) [130722][RJ118890][赤いトンボ] 愛なきバケモノハンター~負ければ触手に犯される~ (files).rar
2017-09-17 00:54 - 2017-10-06 13:41 - 000000000 ____D C:\Users\Mark\Desktop\Ma.ga.ochiru.yoru
2017-09-17 00:54 - 2017-09-17 00:54 - 000000000 ____D C:\Users\Mark\Desktop\(Hentai) Bible Black Series (mega)
2017-09-12 17:48 - 2017-09-05 00:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 17:48 - 2017-09-05 00:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 17:48 - 2017-09-04 23:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 17:48 - 2017-09-04 23:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 17:48 - 2017-09-04 23:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 17:48 - 2017-09-04 23:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 17:48 - 2017-09-04 23:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 17:48 - 2017-09-04 23:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 17:48 - 2017-09-04 23:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 17:48 - 2017-09-04 23:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 17:48 - 2017-09-04 23:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 17:48 - 2017-09-04 23:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 17:48 - 2017-09-04 23:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 17:48 - 2017-09-04 23:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 17:48 - 2017-09-04 23:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 17:48 - 2017-09-04 23:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 17:48 - 2017-09-04 23:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 17:48 - 2017-09-04 23:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 17:48 - 2017-09-04 23:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 17:48 - 2017-09-04 23:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 17:48 - 2017-09-04 23:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 17:48 - 2017-09-04 23:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 17:48 - 2017-09-04 23:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 17:48 - 2017-09-04 23:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 17:48 - 2017-09-04 23:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 17:48 - 2017-09-04 23:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 17:48 - 2017-09-04 23:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 17:48 - 2017-09-04 23:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 17:48 - 2017-09-04 23:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 17:48 - 2017-09-04 23:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 17:48 - 2017-09-04 23:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 17:48 - 2017-09-04 23:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 17:48 - 2017-09-04 23:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 17:48 - 2017-09-04 23:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 17:48 - 2017-09-04 23:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 17:48 - 2017-09-04 23:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 17:48 - 2017-09-04 23:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 17:48 - 2017-09-04 23:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 17:48 - 2017-09-04 23:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 17:48 - 2017-09-04 23:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 17:48 - 2017-09-04 23:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 17:48 - 2017-09-04 23:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 17:48 - 2017-09-04 23:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 17:48 - 2017-09-04 23:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 17:48 - 2017-09-04 23:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 17:48 - 2017-09-04 23:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 17:48 - 2017-09-04 23:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 17:48 - 2017-09-04 23:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 17:48 - 2017-09-04 23:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 17:47 - 2017-09-05 00:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 17:47 - 2017-09-05 00:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 17:47 - 2017-09-05 00:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 17:47 - 2017-09-05 00:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 17:47 - 2017-09-05 00:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 17:47 - 2017-09-05 00:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 17:47 - 2017-09-05 00:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 17:47 - 2017-09-05 00:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 17:47 - 2017-09-05 00:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 17:47 - 2017-09-05 00:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 17:47 - 2017-09-05 00:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 17:47 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 17:47 - 2017-09-05 00:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 17:47 - 2017-09-05 00:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 17:47 - 2017-09-05 00:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 17:47 - 2017-09-05 00:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 17:47 - 2017-09-05 00:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 17:47 - 2017-09-05 00:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 17:47 - 2017-09-05 00:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 17:47 - 2017-09-05 00:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 17:47 - 2017-09-05 00:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 17:47 - 2017-09-05 00:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 17:47 - 2017-09-05 00:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 17:47 - 2017-09-05 00:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 17:47 - 2017-09-05 00:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 17:47 - 2017-09-05 00:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 17:47 - 2017-09-05 00:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 17:47 - 2017-09-05 00:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 17:47 - 2017-09-05 00:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 17:47 - 2017-09-05 00:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 17:47 - 2017-09-05 00:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 17:47 - 2017-09-05 00:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 17:47 - 2017-09-05 00:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 17:47 - 2017-09-05 00:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 17:47 - 2017-09-05 00:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 17:47 - 2017-09-05 00:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 17:47 - 2017-09-05 00:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 17:47 - 2017-09-05 00:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 17:47 - 2017-09-05 00:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 17:47 - 2017-09-05 00:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 17:47 - 2017-09-05 00:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 17:47 - 2017-09-05 00:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 17:47 - 2017-09-05 00:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 17:47 - 2017-09-05 00:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 17:47 - 2017-09-05 00:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 17:47 - 2017-09-05 00:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 17:47 - 2017-09-05 00:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 17:47 - 2017-09-05 00:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 17:47 - 2017-09-05 00:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 17:47 - 2017-09-05 00:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 17:47 - 2017-09-05 00:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 17:47 - 2017-09-05 00:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 17:47 - 2017-09-05 00:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 17:47 - 2017-09-05 00:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 17:47 - 2017-09-05 00:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 17:47 - 2017-09-05 00:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 17:47 - 2017-09-05 00:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 17:47 - 2017-09-05 00:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 17:47 - 2017-09-05 00:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 17:47 - 2017-09-05 00:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 17:47 - 2017-09-05 00:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 17:47 - 2017-09-04 23:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 17:47 - 2017-09-04 23:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 17:47 - 2017-09-04 23:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 17:47 - 2017-09-04 23:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 17:47 - 2017-09-04 23:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 17:47 - 2017-09-04 23:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 17:47 - 2017-09-04 23:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 17:47 - 2017-09-04 23:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 17:47 - 2017-09-04 23:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 17:47 - 2017-09-04 23:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 17:47 - 2017-09-04 23:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 17:47 - 2017-09-04 23:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 17:47 - 2017-09-04 23:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 17:47 - 2017-09-04 23:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 17:47 - 2017-09-04 23:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 17:47 - 2017-09-04 23:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 17:47 - 2017-09-04 23:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 17:47 - 2017-09-04 23:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 17:47 - 2017-09-04 23:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 17:47 - 2017-09-04 23:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 17:47 - 2017-09-04 23:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 17:47 - 2017-09-04 23:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 17:47 - 2017-09-04 23:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 17:47 - 2017-09-04 23:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 17:47 - 2017-09-04 23:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 17:47 - 2017-09-04 23:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 17:47 - 2017-09-04 23:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 17:47 - 2017-09-04 23:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 17:47 - 2017-09-04 23:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 17:47 - 2017-09-04 23:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 17:47 - 2017-09-04 23:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 17:47 - 2017-09-04 23:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 17:47 - 2017-09-04 23:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 17:47 - 2017-09-04 23:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 17:47 - 2017-09-04 23:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 17:47 - 2017-09-04 23:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 17:47 - 2017-09-04 23:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 17:47 - 2017-09-04 23:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 17:47 - 2017-09-04 23:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 17:47 - 2017-09-04 23:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 17:47 - 2017-09-04 23:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 17:47 - 2017-09-04 23:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 17:47 - 2017-09-04 23:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 17:47 - 2017-09-04 23:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 17:47 - 2017-09-04 23:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 17:47 - 2017-09-04 23:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 17:47 - 2017-09-04 23:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 17:47 - 2017-09-04 23:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 17:47 - 2017-09-04 23:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 17:47 - 2017-09-04 23:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 17:47 - 2017-09-04 23:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 17:47 - 2017-09-04 23:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 17:47 - 2017-09-04 23:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 17:47 - 2017-09-04 23:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 17:47 - 2017-09-04 23:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 17:47 - 2017-09-04 23:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 17:47 - 2017-09-04 23:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 17:47 - 2017-09-04 23:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 17:47 - 2017-09-04 23:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 17:47 - 2017-09-04 23:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 17:47 - 2017-09-04 23:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 17:47 - 2017-09-04 23:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 17:47 - 2017-09-04 23:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 17:47 - 2017-09-04 23:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 17:47 - 2017-09-04 23:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 17:47 - 2017-09-04 23:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 17:47 - 2017-09-04 23:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 17:47 - 2017-09-04 23:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 17:47 - 2017-09-04 23:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 17:47 - 2017-09-04 23:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 17:47 - 2017-09-04 23:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 17:47 - 2017-09-04 23:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 17:47 - 2017-09-04 23:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 17:47 - 2017-09-04 23:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 17:47 - 2017-09-04 23:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 17:47 - 2017-09-04 23:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 17:47 - 2017-09-04 23:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 17:47 - 2017-09-04 23:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 17:47 - 2017-09-04 23:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 17:47 - 2017-09-04 23:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 17:47 - 2017-09-04 23:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 17:47 - 2017-09-04 23:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 17:47 - 2017-09-04 23:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 17:47 - 2017-09-04 23:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 17:47 - 2017-09-04 23:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 17:47 - 2017-09-04 23:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 17:47 - 2017-09-04 23:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 17:47 - 2017-09-04 23:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 17:47 - 2017-09-04 23:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 17:47 - 2017-09-04 23:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 17:47 - 2017-09-04 23:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 17:47 - 2017-09-04 23:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 17:47 - 2017-09-04 23:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 17:47 - 2017-09-04 23:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 17:47 - 2017-09-04 23:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 17:47 - 2017-09-04 23:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 17:47 - 2017-09-04 23:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 17:47 - 2017-09-04 23:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 17:47 - 2017-09-04 23:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 17:47 - 2017-09-04 23:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 17:47 - 2017-09-04 23:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 17:47 - 2017-09-04 23:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 17:47 - 2017-09-04 23:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 17:47 - 2017-09-04 23:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 17:47 - 2017-09-04 23:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 17:47 - 2017-09-04 23:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 17:47 - 2017-09-04 23:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 17:47 - 2017-09-01 00:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 05:37 - 2017-09-12 05:37 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-12 05:37 - 2017-08-21 17:33 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-09-12 05:31 - 2017-09-12 05:31 - 000000000 ____D C:\NVIDIA
2017-09-12 05:04 - 2017-09-12 05:04 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\Battlestate Games
2017-09-12 05:02 - 2017-09-12 05:02 - 000000000 ____D C:\Users\Mark\Documents\Escape from Tarkov
2017-09-12 04:10 - 2017-09-12 05:05 - 000000000 ____D C:\Users\Mark\Documents\EFT
2017-09-12 04:05 - 2017-10-05 09:09 - 000000000 ____D C:\Battlestate Games
2017-09-12 04:05 - 2017-10-05 08:57 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Battlestate Games
2017-09-12 04:05 - 2017-10-05 08:57 - 000000000 ____D C:\Users\Mark\AppData\Local\Battlestate Games
2017-09-12 04:05 - 2017-09-12 04:05 - 000000000 ____D C:\ProgramData\Battlestate Games
2017-09-11 06:29 - 2017-09-11 06:30 - 000000000 ____D C:\Users\Mark\Downloads\[Eng-Sub] [KHMER-HENTAI] Hana no Joshi Announcer_ Newscaster Etsuko (Foxy Nudes - 花の女子アナ ニュースキャスター・悦子) Ep.01-02 [Unsenser]
2017-09-11 06:26 - 2017-09-11 06:26 - 000000000 ____D C:\Users\Mark\Downloads\LOVELY x CATION_ Pretty x CationThe Animation
2017-09-11 03:38 - 2017-09-11 03:39 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-09-11 03:38 - 2017-09-11 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-11 19:13 - 2015-08-28 22:50 - 000000000 ____D C:\Users\Mark\AppData\Local\Battle.net
2017-10-11 19:06 - 2017-04-19 23:42 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2017-10-11 18:59 - 2017-06-02 17:36 - 000004534 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-11 18:59 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-11 18:59 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-11 18:48 - 2015-08-08 05:15 - 000000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2017-10-11 18:43 - 2017-06-02 17:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-11 18:24 - 2017-06-26 03:53 - 000000000 ____D C:\Users\Mark\.MemuHyperv
2017-10-11 17:04 - 2015-08-09 22:48 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-11 17:01 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-11 14:37 - 2017-06-02 17:36 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7C8193E-D282-400B-AAE8-E3DE93E4BFCC}
2017-10-11 12:25 - 2017-06-02 17:17 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-11 09:58 - 2017-06-02 17:36 - 000003390 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-3005113735-2392873494-3154320556-1000
2017-10-11 09:58 - 2015-11-15 22:19 - 000000425 _____ C:\Users\Mark\AppData\Local\UserProducts.xml
2017-10-11 09:58 - 2015-11-15 22:19 - 000000402 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3005113735-2392873494-3154320556-1000.job
2017-10-11 08:23 - 2015-08-28 22:50 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-10-11 08:17 - 2015-10-23 05:44 - 000000000 ___RD C:\Users\Mark\OneDrive
2017-10-11 08:16 - 2017-06-02 17:19 - 000000000 ____D C:\Users\Mark
2017-10-11 08:16 - 2015-10-23 05:39 - 000000000 __SHD C:\Users\Mark\IntelGraphicsProfiles
2017-10-11 03:04 - 2015-10-30 01:02 - 000000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2017-10-11 03:02 - 2014-05-27 02:52 - 000000000 ____D C:\Users\Mark\Desktop\RealTemp_370
2017-10-11 02:56 - 2017-02-11 20:30 - 000000000 ____D C:\Users\Mark\AppData\Roaming\qBittorrent
2017-10-11 01:52 - 2016-02-10 01:08 - 000000000 ____D C:\Users\Mark\Desktop\memed
2017-10-11 00:42 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 00:42 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-10 14:00 - 2015-08-18 05:29 - 000000000 ____D C:\ProgramData\ProductData
2017-10-07 05:08 - 2016-02-10 01:09 - 000000000 ____D C:\Users\Mark\Desktop\Hen-tie
2017-10-06 13:32 - 2017-06-02 17:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-06 13:32 - 2017-03-18 06:40 - 020709376 _____ C:\WINDOWS\system32\config\HARDWARE
2017-10-06 13:32 - 2017-03-18 06:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-10-06 13:32 - 2015-08-07 15:48 - 000034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2017-10-06 10:03 - 2015-09-10 20:47 - 000000000 ____D C:\WINDOWS\pss
2017-10-06 09:51 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-06 08:58 - 2015-08-07 22:51 - 000000000 ____D C:\Users\Mark\AppData\Local\ElevatedDiagnostics
2017-10-06 07:23 - 2017-07-09 16:39 - 000000000 ____D C:\AdwCleaner
2017-10-06 07:23 - 2015-08-18 05:29 - 000000000 ____D C:\Users\Mark\AppData\Roaming\IObit
2017-10-05 17:31 - 2015-09-30 00:57 - 000007620 _____ C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
2017-10-05 09:31 - 2015-08-28 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-10-05 09:31 - 2015-08-28 22:50 - 000000000 ____D C:\Users\Mark\AppData\Local\Blizzard Entertainment
2017-10-05 09:31 - 2015-08-28 22:50 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2017-10-05 09:26 - 2017-07-25 16:05 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayNC
2017-10-05 09:09 - 2017-07-08 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-10-05 09:07 - 2015-08-07 15:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-05 08:50 - 2015-08-18 05:29 - 000000000 ____D C:\ProgramData\IObit
2017-10-05 08:39 - 2017-06-02 17:18 - 001562686 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-05 03:58 - 2017-05-14 19:49 - 000000000 ____D C:\Users\Mark\Desktop\SAMURAI QUACK QUACK
2017-10-05 03:55 - 2016-10-24 00:04 - 000000000 ____D C:\Users\Mark\AppData\Local\Geckofx
2017-10-05 03:27 - 2017-07-12 00:56 - 000000000 ____D C:\Users\Mark\Desktop\NEWER DOUJINS
2017-10-05 01:48 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-04 07:56 - 2015-08-24 01:02 - 000000000 ____D C:\Users\Mark\AppData\Roaming\TS3Client
2017-10-01 18:28 - 2015-12-25 18:53 - 000000000 ____D C:\Users\Mark\AppData\Roaming\.minecraft
2017-09-28 02:41 - 2015-12-24 19:33 - 000000000 ____D C:\Users\Mark\AppData\Roaming\The Creative Assembly
2017-09-27 17:11 - 2017-07-15 01:13 - 000000000 ____D C:\Program Files\Epic Games
2017-09-27 09:37 - 2017-01-07 03:06 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-25 14:43 - 2015-08-07 15:24 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-18 12:24 - 2017-08-29 00:00 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-09-17 02:38 - 2017-05-16 07:59 - 000000000 ____D C:\Users\Mark\Desktop\Breaking Bad
2017-09-16 01:26 - 2015-11-25 01:50 - 000000000 ____D C:\Users\Mark\AppData\Local\UnrealEngine
2017-09-14 19:32 - 2017-07-18 18:54 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3005113735-2392873494-3154320556-1000
2017-09-14 19:32 - 2015-10-23 05:44 - 000002401 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-13 14:00 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-13 11:41 - 2015-09-10 00:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 11:37 - 2017-06-02 17:15 - 004873992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 00:34 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 17:52 - 2015-08-07 23:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 17:50 - 2015-08-07 23:43 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 14:01 - 2017-06-02 17:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-12 05:38 - 2017-06-02 17:36 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:38 - 2017-06-02 17:36 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:37 - 2017-06-02 17:36 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:37 - 2017-06-02 17:36 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:37 - 2017-06-02 17:36 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:37 - 2017-06-02 17:36 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:37 - 2017-06-02 17:36 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:37 - 2017-06-02 17:36 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-12 05:37 - 2017-06-02 17:16 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-12 05:37 - 2017-06-02 17:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-12 05:37 - 2016-09-12 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-09-12 05:31 - 2016-03-20 06:59 - 000000000 ____D C:\Users\Mark\AppData\Local\NVIDIA Corporation
2017-09-12 03:13 - 2015-01-15 00:07 - 000000000 ____D C:\Users\Mark\Desktop\VisualBoyAdvance-1.8.0-beta3

==================== Files in the root of some directories =======

2017-10-05 09:16 - 2017-10-05 09:16 - 000000000 _____ () C:\Users\Mark\AppData\Roaming\1.txt
2017-07-29 21:29 - 2017-07-29 21:29 - 039313072 _____ () C:\Users\Mark\AppData\Roaming\gameboxsetup.exe
2015-09-30 00:57 - 2017-10-05 17:31 - 000007620 _____ () C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
2015-11-15 22:19 - 2015-11-15 22:19 - 000000003 _____ () C:\Users\Mark\AppData\Local\updater.log
2015-11-15 22:19 - 2017-10-11 09:58 - 000000425 _____ () C:\Users\Mark\AppData\Local\UserProducts.xml
2015-08-07 13:49 - 2015-08-07 13:49 - 000000003 _____ () C:\Users\Mark\AppData\Local\user_data.ini
2017-03-10 22:06 - 2017-03-10 22:06 - 000000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-10-15 19:06 - 2017-06-11 18:08 - 000000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-06-17 01:05 - 2017-07-14 18:52 - 000000088 _____ () C:\Users\Mark\AppData\Local\Temp\50a7c79f0ea3659ddc8c269c8cda1754.dll
2017-06-17 01:05 - 2017-06-17 01:05 - 000000180 _____ () C:\Users\Mark\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2017-07-27 09:23 - 2017-07-27 09:23 - 000740416 _____ (Oracle Corporation) C:\Users\Mark\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-05-22 18:15 - 2017-08-21 17:33 - 000758472 _____ (NVIDIA Corporation) C:\Users\Mark\AppData\Local\Temp\nvSCPAPI.dll
2017-05-22 18:15 - 2017-08-21 17:33 - 000873136 _____ (NVIDIA Corporation) C:\Users\Mark\AppData\Local\Temp\nvSCPAPI64.dll
2017-06-29 13:49 - 2017-08-21 17:33 - 000368760 _____ (NVIDIA Corporation) C:\Users\Mark\AppData\Local\Temp\nvStInst.exe
2017-06-26 23:52 - 2017-10-11 18:24 - 000492544 _____ () C:\Users\Mark\AppData\Local\Temp\s3.exe
2017-05-19 15:42 - 2017-05-19 15:42 - 014608752 _____ (Samsung Electronics                                         ) C:\Users\Mark\AppData\Local\Temp\Samsung_Magician_Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-04 17:42

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Mark (11-10-2017 19:14:21)
Running from C:\Users\Mark\Desktop
Windows 10 Pro Version 1703 170317-1834 (X64) (2017-06-02 22:42:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3005113735-2392873494-3154320556-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3005113735-2392873494-3154320556-503 - Limited - Disabled)
Guest (S-1-5-21-3005113735-2392873494-3154320556-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3005113735-2392873494-3154320556-1002 - Limited - Enabled)
Mark (S-1-5-21-3005113735-2392873494-3154320556-1000 - Administrator - Enabled) => C:\Users\Mark

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.257 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
DuOS (HKLM\...\{25E5B76A-CA64-4569-B639-0F50CF4FB537}) (Version: 2.0.8.8511 - American Megatrends Inc.)
Dying Light (HKLM\...\Steam App 239140) (Version:  - Techland)
Epic Games Launcher (HKLM-x32\...\{27931093-A747-4C2C-96D4-47549AA0E298}) (Version: 1.1.116.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EVGA Precision X 4.1.0 (HKLM-x32\...\PrecisionX) (Version: 4.1.0 - EVGA Corporation)
EVGA Precision XOC (HKLM-x32\...\{71E7CE21-C054-48DE-8305-8EDB75F6733B}) (Version: 6.1.4 - EVGA Corporation)
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.99 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HF pAppLoc version 1.2 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.2 - Inquisitor)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.0.2.49 - IObit)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Killing Floor 2 (HKLM\...\Steam App 232090) (Version:  - Tripwire Interactive)
K-Lite Codec Pack 12.0.1 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.1 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lightning Warrior Raidy III (HKLM-x32\...\Lightning Warrior Raidy III1.0) (Version: 1.0 - JAST USA)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Live2D Viewer (HKLM-x32\...\{8ACF3331-A09C-E671-BEE0-8789B39369B2}) (Version: 2.1.0 - Live2D Inc.) Hidden
Live2D Viewer (HKLM-x32\...\Live2DViewer) (Version: 2.1.0 - Live2D Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MapleRoyals version 1.0.0 (HKLM-x32\...\{34644B76-590D-4461-98E2-F88CC49C3C0E}_is1) (Version: 1.0.0 - MapleRoyals)
MAYFLASH GameCube Controller Adapter (HKLM-x32\...\{FEF678F8-4BD4-4692-8288-6CAFFDFD7739}) (Version: 3.85 - MAYFLASH)
MEmu (HKLM-x32\...\MEmu) (Version: 3.0.8.0 - Microvirt Software Technology Co. Ltd.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
NarutoOnline 2.4.0.12121 (HKLM-x32\...\NarutoOnline) (Version: 2.4.0.12121 - Oasgames, Inc.) <==== ATTENTION
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
osu! (HKLM-x32\...\{f868d487-73d8-4779-8588-b25e480af9a6}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{58D1DCCB-1D75-416B-8307-56DC71954EFB}) (Version: 2.46.0 - The Pokémon Company International)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.26 - Portforward, LLC)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.2.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realm Grinder (HKLM\...\Steam App 610080) (Version:  - Divine Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Shadowverse (HKLM\...\Steam App 453480) (Version:  - Cygames, Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Star Wars: Battlefront 2 (Classic, 2005) (HKLM\...\Steam App 6060) (Version:  - Pandemic Studios)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
The Escapists 2 (HKLM\...\Steam App 641990) (Version:  - Team17 Digital Ltd)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Total War: WARHAMMER II (HKLM\...\Steam App 594570) (Version:  - Creative Assembly)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version:  - Creative Assembly)
Unity Web Player (HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\UnityWebPlayer) (Version: 5.3.0f4 - Unity Technologies ApS)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.31 - ASRock Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)
カスタムメイド3D2 (HKLM-x32\...\カスタムメイド3D2) (Version:  - KISS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3005113735-2392873494-3154320556-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-13] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B556CD-B9C2-4E2B-B7F9-8926AE87959A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {04BDC6D9-DC36-4BCA-8A5F-B69FDE37A285} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-21] (NVIDIA Corporation)
Task: {04DCF928-47D7-4C0D-972A-93EB65870B0D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E77F9C9-218D-470A-9668-B76BB1867DAE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0F3D309A-9EFA-454B-B51F-E6A2F221E68A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {11AE9DE6-1C3B-4F69-9B19-A9FFD6F19BED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1514D460-1394-4F3B-AC1C-BD5E95A38F34} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {1AA85C13-8615-44CE-8565-7142A1B4F1C8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {25896269-88ED-4578-A357-E3C6D185A252} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B840A92-577E-4D7F-82EB-D7C5EEDF305E} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {2F81984B-1167-4EBA-AD2F-6867B3950A8A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {30A9B05E-7FA7-46C2-802E-28D82275A476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {32E28C68-4799-4B5D-8A07-AEEF9FE76773} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-11] (Adobe Systems Incorporated)
Task: {3417B699-4C76-44B8-91B8-118C6C4B8F21} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {34E41AA5-76C5-400D-B552-0D6B983A4F34} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-21] (NVIDIA Corporation)
Task: {3F7FE351-7CD9-4A76-A911-0C991F5B5131} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {438999CE-8AF4-4541-8DA8-5C022E660ADF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4BEAA148-7CF1-4931-A71A-273A0D549587} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {50E742BE-BD24-465A-88E5-368B8A7262E6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-21] (NVIDIA Corporation)
Task: {5452C51B-38AE-4142-A589-48604844167C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-21] (NVIDIA Corporation)
Task: {549B9FF4-32FD-4181-A877-46AC77FCDDCD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B31EAF7-996D-47A7-9C63-AB33F755427E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5F0FFE47-5041-4090-BCFB-0DD355E7A75F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-21] (NVIDIA Corporation)
Task: {692553DE-3A24-4200-90D9-C3D05DF41375} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [2017-10-11] (Adobe Systems Incorporated)
Task: {6EE5CF69-5CA5-4A00-9961-D1DB49335041} - System32\Tasks\update-S-1-5-21-3005113735-2392873494-3154320556-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {74D25104-FC5E-4B67-B91D-FE7B2C248C17} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {77518497-4644-4F14-9AD3-5769DD39BF58} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-21] (NVIDIA Corporation)
Task: {7FE5640D-E33F-4EE6-9191-7E97DB2E209A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8B4B49FD-CF98-4F6C-8C03-C35DFAFE1A63} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8C683325-9D2E-4A93-984E-42B2DE6E0E00} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {917A1B39-9EE6-4338-915F-EB75E2C7EDD7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-21] (NVIDIA Corporation)
Task: {929E9B14-04DF-41E5-AA58-8B90B80B7E8A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9A1B5C47-6A38-47E0-BBFE-DEB55BC74F76} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-21] (NVIDIA Corporation)
Task: {A1105832-E88A-4246-AACE-9FFE45DCECE4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AB8795E9-90AF-4969-8599-2D86D874CC2A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADC90256-ED59-4D42-82C9-FF948254966D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBD854E7-6DB9-498D-8984-BC19AB7AAF92} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD7B077C-B029-4013-B79A-1F59DA6C518F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C5314A24-6BDC-4E3F-907B-B9BC9BF75880} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {CAF986F8-90F0-4494-B4D8-68E395475859} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CE238387-5ECE-4D90-B864-6EA5DE4396CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D8145110-56BC-4F03-959F-31DA4321549E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D8F2C6F9-3030-4C82-A2C0-E5993A4A3A8F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D99D7E99-CBD5-4C38-A662-068A7D2D61C5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DA129E9F-B2E4-4AFD-95C6-4304F856A129} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {E7298770-FE7E-4455-B8F9-4EA5EF402897} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F6359498-7AC6-4EC4-9724-08520DE4C647} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F727A97F-71C2-4B57-A8CF-607EB0C31B14} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FBDC99D1-531D-41BC-910F-B8F3E6783289} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE85940D-88B7-4A00-80E0-200433FDC06D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FF448134-A4F5-4632-A9D2-9811E5F3C2CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3005113735-2392873494-3154320556-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\グランブルーファンタジー[ChromeApps版].lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=eablgejicbklomgaiclcolfilbkckngf
ShortcutWithArgument: C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Mark\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm

==================== Loaded Modules (Whitelisted) ==============

2016-10-30 21:48 - 2017-08-21 20:01 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 000133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 18:26 - 2012-02-09 18:26 - 000036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2012-02-09 18:26 - 2012-02-09 18:26 - 000048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2016-09-24 17:20 - 2016-09-24 17:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-10-05 08:42 - 2017-09-27 09:37 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-05 08:42 - 2017-09-27 09:37 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-22 23:27 - 2017-08-22 23:27 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 23:27 - 2017-08-22 23:27 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 23:27 - 2017-08-22 23:27 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 23:27 - 2017-08-22 23:27 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-04-16 16:45 - 2012-04-16 16:45 - 000119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2015-08-07 13:52 - 2011-05-19 11:58 - 000246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2017-09-25 14:43 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-25 14:43 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-22 15:29 - 2017-09-22 15:29 - 002074088 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9397\Battle.net Helper.exe
2017-10-01 20:20 - 2017-10-01 20:20 - 000936960 _____ () C:\Users\Mark\AppData\Local\sbbmxwh\sbbmxwh.exe
2017-10-04 19:51 - 2017-10-04 19:52 - 000021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-10-04 19:51 - 2017-10-04 19:52 - 048839168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 000164352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 000352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 002836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 020559872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 002705408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-10-04 19:51 - 2017-10-04 19:51 - 003128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-28 20:27 - 2017-08-28 20:27 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-10-04 19:51 - 2017-10-04 19:52 - 001380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-10-04 19:51 - 2017-10-04 19:51 - 000367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll
2017-03-30 04:03 - 2015-07-24 22:08 - 000383456 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuDDU.dll
2017-03-30 04:03 - 2015-07-24 22:07 - 003901912 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuRT.dll
2017-03-30 04:02 - 2015-07-23 03:02 - 000037352 _____ () C:\Program Files\Microvirt\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuPuelMain.DLL
2017-03-30 04:02 - 2015-07-23 03:02 - 000022456 _____ () C:\Program Files\Microvirt\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\VDPluginCrypt.DLL
2017-03-30 04:03 - 2015-07-24 22:14 - 000306712 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuHeadless.exe
2017-03-30 04:03 - 2015-11-02 07:11 - 002485168 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuHPV.DLL
2017-03-30 04:03 - 2015-11-02 07:11 - 000674440 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuREM.dll
2017-03-30 04:03 - 2015-11-02 07:11 - 000029648 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuSharedClipboard.DLL
2017-03-30 04:03 - 2015-11-02 07:11 - 000046640 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuDragAndDropSvc.DLL
2017-03-30 04:03 - 2015-11-02 07:11 - 000048200 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuGuestPropSvc.DLL
2017-03-30 04:03 - 2015-11-02 07:11 - 000045616 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuGuestControlSvc.DLL
2017-03-30 04:03 - 2016-09-08 03:21 - 001563760 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuDD.DLL
2017-03-30 04:03 - 2015-11-02 07:11 - 000203224 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuDD2.dll
2017-03-30 04:02 - 2015-07-23 03:02 - 000191864 _____ () C:\Program Files\Microvirt\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuHostWebcam.DLL
2017-03-30 04:02 - 2015-07-23 03:02 - 000069288 _____ () C:\Program Files\Microvirt\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuEhciR3.DLL
2017-03-30 04:02 - 2015-07-23 03:02 - 000085768 _____ () C:\Program Files\Microvirt\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuUsbCardReaderR3.DLL
2017-03-30 04:02 - 2015-07-23 03:02 - 000091936 _____ () C:\Program Files\Microvirt\MEmuHyperv\ExtensionPacks\Microvirt_VM_MemuHyperv_Extension_Pack\win.amd64\MEmuUsbWebcamR3.DLL
2017-03-30 04:03 - 2015-11-02 07:11 - 000040472 _____ () C:\Program Files\Microvirt\MEmuHyperv\MEmuSharedFolders.DLL
2017-03-30 04:02 - 2016-01-15 22:00 - 000895320 _____ () C:\Program Files\Microvirt\MEmu\adb.exe
2017-09-29 11:24 - 2017-09-29 11:24 - 001087488 _____ () C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
2017-10-05 08:50 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-10-05 08:50 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-10-05 08:50 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-09-13 13:56 - 2017-09-13 13:56 - 000016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\fdeaf29f2f197a5aedf7d295efcc11cc\PSIClient.ni.dll
2015-08-07 15:37 - 2012-07-18 08:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 002603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-04-16 13:42 - 2012-04-16 13:42 - 000015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 22:15 - 2011-08-15 22:15 - 000382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 18:41 - 2011-08-17 18:41 - 000400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 000322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 001006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 000195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 21:23 - 2011-08-15 21:23 - 000062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 13:41 - 2012-04-16 13:41 - 000484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 13:56 - 2012-04-16 13:56 - 000500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 13:38 - 2012-04-16 13:38 - 000013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-08-15 22:17 - 2011-08-15 22:17 - 009224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 18:05 - 2011-07-19 18:05 - 014978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 18:04 - 2011-07-19 18:04 - 000317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2017-08-08 19:00 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Mark\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-10 03:55 - 2017-08-10 03:55 - 001577976 _____ () \\?\C:\Users\Mark\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2016-10-30 21:49 - 2017-08-21 20:01 - 069807736 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-08-08 19:00 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Mark\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 19:00 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Mark\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-10 03:55 - 2017-10-06 07:10 - 009722360 _____ () \\?\C:\Users\Mark\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-10 03:55 - 2017-08-10 03:55 - 001440248 _____ () \\?\C:\Users\Mark\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-10-11 08:17 - 2017-10-11 08:17 - 000148992 _____ () \\?\C:\Users\Mark\AppData\Local\Temp\FF4D.tmp.node
2017-08-10 03:55 - 2017-08-10 03:55 - 002658296 _____ () \\?\C:\Users\Mark\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-10 13:32 - 2017-08-10 13:32 - 002673656 _____ () \\?\C:\Users\Mark\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2016-10-30 21:48 - 2017-08-21 20:01 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-08-09 22:49 - 2017-08-04 16:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-09 22:49 - 2017-10-04 18:49 - 002507552 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-09 22:49 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-09 22:49 - 2016-01-27 02:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-09 22:49 - 2016-01-27 02:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-09 22:49 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-09 22:49 - 2016-01-27 02:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-09 22:49 - 2016-01-27 02:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-09 22:49 - 2016-01-27 02:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-09 22:49 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-09 22:49 - 2017-10-04 18:49 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 00:48 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-13 01:28 - 2017-07-17 17:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 17:44 - 2017-05-16 20:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2015-08-09 22:49 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-22 15:29 - 2017-09-22 15:29 - 055782888 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9397\libcef.dll
2017-09-22 15:29 - 2017-09-22 15:29 - 000540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9397\ortp.dll
2017-09-22 15:29 - 2017-09-22 15:29 - 000133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9397\libEGL.dll
2017-09-22 15:29 - 2017-09-22 15:29 - 003384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.9397\libGLESv2.dll
2017-10-05 08:50 - 2017-05-22 11:17 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-10-05 08:50 - 2017-05-23 18:57 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-10-05 08:50 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
2017-03-30 04:02 - 2016-01-15 22:01 - 001040608 _____ () C:\Program Files\Microvirt\MEmu\libstdc++-6.dll
2017-03-30 04:02 - 2016-01-15 22:01 - 000128552 _____ () C:\Program Files\Microvirt\MEmu\libgcc_s_dw2-1.dll
2017-03-30 04:02 - 2016-08-23 08:17 - 003443680 _____ () C:\Program Files\Microvirt\MEmu\libopencv_core249.dll
2017-03-30 04:02 - 2016-08-23 08:17 - 003098193 _____ () C:\Program Files\Microvirt\MEmu\libopencv_imgproc249.dll
2017-03-30 04:02 - 2016-01-15 22:01 - 001736912 _____ () C:\Program Files\Microvirt\MEmu\icuuc53.dll
2017-03-30 04:02 - 2015-05-23 03:34 - 000782350 _____ () C:\Program Files\Microvirt\MEmu\libprotobuf-7.dll
2017-03-30 04:02 - 2016-01-15 22:01 - 002771568 _____ () C:\Program Files\Microvirt\MEmu\icuin53.dll
2017-03-30 04:02 - 2016-09-22 06:25 - 001335432 _____ () C:\Program Files\Microvirt\MEmu\icudt53.dll
2017-05-22 04:20 - 2017-05-22 01:16 - 000437928 _____ () C:\Program Files\Microvirt\MEmu\libOpenglRender.dll
2017-05-22 04:20 - 2017-05-22 01:16 - 000226984 _____ () C:\Program Files\Microvirt\MEmu\libEGL_translator.DLL
2017-05-22 04:20 - 2017-05-22 01:16 - 000316584 _____ () C:\Program Files\Microvirt\MEmu\libGLES_CM_translator.DLL
2017-05-22 04:20 - 2017-05-22 01:16 - 000304296 _____ () C:\Program Files\Microvirt\MEmu\libGLES_V2_translator.DLL
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\Mark\AppData\Local\sbbmxwh\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Mark\AppData\Local\sbbmxwh\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Mark\AppData\Local\sbbmxwh\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Mark\AppData\Local\sbbmxwh\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-10-26 04:03 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\Desktop\WALLPAPER\paperwall\stretched-1920-1080-736462.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nexon Launcher.lnk => C:\Windows\pss\Nexon Launcher.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk"
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-3005113735-2392873494-3154320556-1000\...\StartupApproved\Run: => "Gaijin.Net Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00AAE241-0943-4D60-AA76-DC6D727BE95C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RogueSquadron\ROGUE\ROGUE.EXE
FirewallRules: [{FAA43C9E-CB67-4721-88F9-E6918902201C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RogueSquadron\ROGUE\ROGUE.EXE
FirewallRules: [{1AEE45E1-2B0E-437B-A8A8-182939916DC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{E8CFC4A2-C599-4616-B017-C3BFD336C12D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{14768555-1619-4954-A770-10036BB50D20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{D4CC14FE-74E5-43BB-9FB8-9C24E483229B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{71FC11E8-2872-451F-8803-51415CF5A326}] => (Allow) C:\Users\Mark\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{7FCC561F-2DB4-4F92-A0DD-1C16313FF8D1}] => (Allow) C:\Users\Mark\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{ECB0B62A-F77A-4D0A-B66D-A6BAE735FAEB}] => (Allow) C:\Users\Mark\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{09C9DEB3-90BC-4E10-A32F-F36BF52AC74E}] => (Allow) C:\Users\Mark\Downloads\bin\BlackDesert32.exe
FirewallRules: [UDP Query User{B1EAB169-EA3E-4915-B807-5C34ACDEE8CD}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{B3632A27-4DCE-4707-B4E5-4574A4359E20}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{15191DEF-9B97-41B3-ACEF-6EBE7147B824}C:\users\mark\desktop\rimworld.alpha.17.v0.17.1546\rimworldwin.exe] => (Allow) C:\users\mark\desktop\rimworld.alpha.17.v0.17.1546\rimworldwin.exe
FirewallRules: [TCP Query User{4CDCAB6B-138E-4BD0-B6C4-F597C18997C2}C:\users\mark\desktop\rimworld.alpha.17.v0.17.1546\rimworldwin.exe] => (Allow) C:\users\mark\desktop\rimworld.alpha.17.v0.17.1546\rimworldwin.exe
FirewallRules: [{6AE7A8CF-3D2C-48B4-A653-45A11B2227E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{4C79DC18-E066-45F1-AB60-21ACA8377AED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{EF5CE26A-FAD1-440C-B7EF-25E5D891B0D7}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{563CD7B1-3998-4D12-95CD-02589CF9E7CF}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{9ECE21F9-A858-4F8E-ABEF-B8C974FAA205}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{F7DFEDBA-8FCA-4684-8A91-5DFD37C6EBAE}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [UDP Query User{3A5E9AF1-8595-45DD-9BCC-0AE3129F1BE3}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [TCP Query User{BDC9FA47-413E-4252-8D87-0C18A12B5C59}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [{EDEFC750-F692-4E6D-A262-9CCC2CF49703}] => (Allow) LPort=1900
FirewallRules: [{18931F9D-6503-4459-ADA1-044327C11252}] => (Allow) LPort=2869
FirewallRules: [{5DC881B5-FED4-4BD8-99AD-C759EED2C77A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{957782A7-A574-473F-BCF0-677B760EA6FF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E2686075-65DB-461A-ADE2-EC1F5D3D5045}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{F7C6299A-C1B6-43B8-BF3B-E6979E36F4B3}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe
FirewallRules: [TCP Query User{71BABA6D-1123-4ED0-AF32-D00F22B485B5}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe
FirewallRules: [UDP Query User{DA5EC85C-4618-41BB-A5A2-552D60F26063}C:\games\stepmania 5\program\stepmania-sse2.exe] => (Allow) C:\games\stepmania 5\program\stepmania-sse2.exe
FirewallRules: [TCP Query User{21BB937D-DD8D-4676-A5BB-E89B82E44867}C:\games\stepmania 5\program\stepmania-sse2.exe] => (Allow) C:\games\stepmania 5\program\stepmania-sse2.exe
FirewallRules: [TCP Query User{0C312EA6-EF2F-4F86-83D6-34A1F677FE3C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3FCFC082-14F7-4B06-8300-4DE85B028DAB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1B464705-A5A8-4617-8128-DA6525A1C0F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3862C98-2E81-4835-98D8-508749B5C1CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B87C669C-4B9E-4E4C-83EA-9DBA0E73EDA9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2F593975-BA57-49FA-923B-FC8AE51EFC00}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{BA405E86-63A9-4008-96AD-65049C165805}C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [UDP Query User{C6CBF38C-F377-464E-942E-7C2E6CA4F067}C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [TCP Query User{CD935CBB-9F16-4DD5-8715-62C7F82E7472}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{20728DDC-7755-4C71-ACDB-2144F3898579}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{8D3480B5-9FE9-464B-9C96-870ECBD98618}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{8186AACF-CF08-4F4F-A34F-4C3232D9B48D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{50E67F22-2E6D-4B93-8223-C8F92AA783D0}] => (Allow) C:\Users\Mark\Downloads\bin\BlackDesert32.exe
FirewallRules: [{C6821F4C-E6AD-43F0-A26E-4C8888912818}] => (Allow) C:\Users\Mark\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{A3A44E65-07B0-4649-A596-B4734F3F3F27}] => (Allow) C:\Users\Mark\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{06F2DC3E-172E-4D05-B548-59B77650A290}] => (Allow) C:\Users\Mark\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{366F8AC5-E623-4CB0-BB26-D177649A1931}] => (Allow) C:\Users\Mark\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{0AF96221-498C-4082-8D71-A779008B8EE8}] => (Allow) C:\Users\Mark\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [TCP Query User{67F46EED-3CA5-4E4F-B538-8726A9988758}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{1990F9E5-A1EE-44B7-8FA9-76E7561C318B}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{F9062760-E7AE-4E84-A8CC-B81B1708DB50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{48E1770A-B5C5-45CE-997B-2062A52581C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [TCP Query User{44374040-A04E-432E-A5D7-0F1CE90B250C}C:\users\mark\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\users\mark\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [UDP Query User{3216B281-6E9C-40A1-8752-6AD46D4B6CC3}C:\users\mark\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\users\mark\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [TCP Query User{6B333C30-F86E-44F6-9421-9CAC53C0A34D}C:\users\mark\downloads\downloader_warcraft3_reign_of_chaos_enus.exe] => (Allow) C:\users\mark\downloads\downloader_warcraft3_reign_of_chaos_enus.exe
FirewallRules: [UDP Query User{164A6C96-A845-4CB7-BA7E-D81714C2ACC7}C:\users\mark\downloads\downloader_warcraft3_reign_of_chaos_enus.exe] => (Allow) C:\users\mark\downloads\downloader_warcraft3_reign_of_chaos_enus.exe
FirewallRules: [TCP Query User{426CD1C3-777B-4729-B540-62E457340B1D}C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe
FirewallRules: [UDP Query User{D27B46F5-0FD3-4C06-899A-01693023836B}C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base46154\sc2_x64.exe
FirewallRules: [TCP Query User{E51666A0-EA71-49C8-A067-5B1F7E0754E9}C:\users\mark\downloads\downloader_starcraft_combo_enus.exe] => (Allow) C:\users\mark\downloads\downloader_starcraft_combo_enus.exe
FirewallRules: [UDP Query User{C27F7AEB-583F-4C0E-88FD-FA940B648733}C:\users\mark\downloads\downloader_starcraft_combo_enus.exe] => (Allow) C:\users\mark\downloads\downloader_starcraft_combo_enus.exe
FirewallRules: [TCP Query User{CC71888D-DFA3-4305-9A8E-83032A79B9A1}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{62CED84A-5887-40CC-8CBF-7C0A2D5C95CE}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [TCP Query User{8A640E0B-EF81-4ADE-A3D9-A83AD05E2D96}C:\nexon\library\maplestory\appdata\aries.exe] => (Allow) C:\nexon\library\maplestory\appdata\aries.exe
FirewallRules: [UDP Query User{3A3B35EF-699F-4108-8981-5FA09B736467}C:\nexon\library\maplestory\appdata\aries.exe] => (Allow) C:\nexon\library\maplestory\appdata\aries.exe
FirewallRules: [TCP Query User{A79B9117-3380-4411-A270-6658389CCF5E}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [UDP Query User{FA3356F6-6FAF-46B1-BE37-A2A31F8B41FC}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [{74D71FFE-5143-45AF-B4B5-DEA59EC9BAE4}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{9E849398-4CD2-4FF1-B539-DB043B963B24}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{143C0FEE-47C8-4BC5-8918-FEFBF33EF9E4}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{3567D399-5B1C-4135-A865-992C79397B19}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{B8426094-2598-4911-894E-86B40757FF49}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{87C37963-8994-4425-96DC-1D7AD6D7AC4C}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{E78CEB8E-FDA1-4095-B4E3-4FC3FF2B58DC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A9E5D62-07D2-4704-B63F-9F958A9CD543}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9EC9379A-14AC-4DDB-9C1E-DAA3D204B8D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{81E18CB2-2AE8-49EA-AC3D-BE84EEEBF33E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0B7CA56F-4351-4952-9D44-BBC2212D2398}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B83B541-269D-4DFE-93AC-C2AF94FDE55D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A57A83E8-55D9-4991-BF3C-515AEA3962ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{927D1D2C-41D0-4384-9C66-16D337CC2960}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{0C5EE6EC-E144-48C9-B809-01270007B1FB}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{F3EF91C1-EC9D-4D19-879D-7216853B642D}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{1DF9C2D4-618B-401F-8ADA-B1DE364A7EB9}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{A2263664-95C6-414F-ADD6-C4F027403B9A}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{A6F265BC-17F3-4C10-A23E-76F72A3AE77B}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{8B5193EC-3D9F-47D8-8435-1A621BF268FC}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{DB10DEFB-103E-48DF-AEBA-71ABBA29D159}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{8385400A-CBBB-4201-8D31-AC0FC4E25C39}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{9262B7B6-9CE7-43B4-AEF8-CFFE61D3F0EF}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{A8310107-2CB4-4076-A7A8-C15FDE51BB58}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{F59D48C3-B558-419B-879C-5748EE298AFA}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{E76F22E0-AA51-4672-8CF1-30F347A72576}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{F6EEBB33-3ED6-4890-9F2B-4880DE1395D8}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{A7A9E45F-5E6E-4DAC-BD68-D1AF483A8EAD}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{E97A8298-65C5-4AD3-8AD5-1396FD528C1A}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [TCP Query User{8E1C5A00-C677-4620-96F6-B885756AB1EF}C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{B31E591D-17B3-4CDE-8B58-BF2EB7C8D11C}C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{9F67A973-F68B-40BC-BDF1-300977192190}C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [UDP Query User{25D3C087-07B4-4BAF-9B70-412408A79012}C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\program files (x86)\grey box\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [TCP Query User{99669F9E-77C9-429D-A7B1-4B8D8C7BBD2F}C:\users\mark\desktop\oxygen.not.included\oxygennotincluded.exe] => (Allow) C:\users\mark\desktop\oxygen.not.included\oxygennotincluded.exe
FirewallRules: [UDP Query User{C913FA2D-6327-49A0-8326-68CF2F7B870C}C:\users\mark\desktop\oxygen.not.included\oxygennotincluded.exe] => (Allow) C:\users\mark\desktop\oxygen.not.included\oxygennotincluded.exe
FirewallRules: [TCP Query User{7F6BBF36-07DF-4629-94C3-B82BC9849FC9}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9D4108F0-9CA6-4186-B28F-16F55B366C02}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{6215BE40-1448-431D-B5C0-9710E2DB300C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{C390ED6E-D847-4740-9D0A-1C7479605FC8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{33772A61-DECA-457D-AFF5-282C6D4036E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{92E1C970-E44E-4208-824B-38D93D0ECB0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{403F52E0-8869-4793-8E28-F4B124718680}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{440E2866-63A3-4E33-9704-BB230DC89427}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{C6B778AE-E901-482E-8B03-A1F9F9A16281}C:\users\mark\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\mark\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{2ABA847F-7805-4C07-A50D-449F203E6110}C:\users\mark\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\mark\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{EA3EE4FE-7265-4883-92A1-3D90E234D251}C:\users\mark\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\mark\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{53D3420D-7DBA-465A-A299-A72F373B8A18}C:\users\mark\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\mark\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [TCP Query User{FC6184B2-7F55-4B77-B6A9-184FC266C6DF}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe
FirewallRules: [UDP Query User{0136D123-0024-49BF-B460-E4580677DCA3}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe
FirewallRules: [{604E4051-1918-48F2-8D27-F03396FFBF9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6E642752-EDEB-44DF-B75A-5BE43ADC24D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{870FFE71-E70F-412B-B88E-D6031907D936}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{72AE7030-EC5D-495C-88BE-C5B6F880B11A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{64CA8F21-E0F0-4F56-9062-A7899AA94B2A}C:\program files (x86)\steam\steamapps\common\guilty gear xrd -revelator-\binaries\win32\guiltygearxrd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear xrd -revelator-\binaries\win32\guiltygearxrd.exe
FirewallRules: [UDP Query User{265443D1-3DF2-4AA3-A663-D6CE9B7EF3F6}C:\program files (x86)\steam\steamapps\common\guilty gear xrd -revelator-\binaries\win32\guiltygearxrd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear xrd -revelator-\binaries\win32\guiltygearxrd.exe
FirewallRules: [TCP Query User{B209F1A5-E650-4078-957D-220E98784A6D}C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe
FirewallRules: [UDP Query User{C70682D0-050F-4931-B85F-38771D9C64C2}C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe
FirewallRules: [TCP Query User{FF987E45-F37B-4717-8888-6015328ABA9F}C:\stellaris\stellaris.exe] => (Allow) C:\stellaris\stellaris.exe
FirewallRules: [UDP Query User{CE01C29A-AC01-4B2B-B826-830CF4F7DB5A}C:\stellaris\stellaris.exe] => (Allow) C:\stellaris\stellaris.exe
FirewallRules: [TCP Query User{4869BCAF-9772-4648-95A9-C7C954B39684}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{DADFD6C8-997B-4D0F-81B4-E94BBA59775C}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [TCP Query User{9DBB0A37-F256-4CF0-ABC1-67825E5E0DFC}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{A8CC12F9-9EE6-4798-B70E-D8E9836481E8}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{A5ABF21A-FA18-4C43-9086-E886E4BBE78E}C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe
FirewallRules: [UDP Query User{150F0D7E-2CF5-40A7-B8ED-3E80CA914E3F}C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe
FirewallRules: [{BA206F2B-691B-4FDB-BD3E-78C79DDDAC53}] => (Allow) C:\Users\Mark\Downloads\bin\BlackDesert32.exe
FirewallRules: [{FA4C1A64-435F-44E1-A72F-0D18556775F3}] => (Allow) C:\Users\Mark\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{2F9D4A4B-51E6-438A-B0BE-49F212B8937B}] => (Allow) C:\Users\Mark\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{26B760EA-ACF2-48FC-93DE-4851B006CACE}] => (Allow) C:\Users\Mark\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{904F44E1-4536-44AE-857B-F2C72F943817}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm Grinder\RealmGrinderDesktop.exe
FirewallRules: [{AC0E77A2-6946-4847-AA4E-D481F6681A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm Grinder\RealmGrinderDesktop.exe
FirewallRules: [TCP Query User{C7EEB894-CC4D-4C66-8B21-AA4316D9EF83}C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe
FirewallRules: [UDP Query User{8CE9D69A-33A9-4E45-9DE3-1AE5E4F3B83E}C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe
FirewallRules: [TCP Query User{0E7F00BC-17D2-4843-8AC7-EBD87CC00EDE}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [UDP Query User{D6DD2898-D0BC-4ABB-BC7A-7B2B73A07A9D}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [TCP Query User{E11DE99D-B96C-480D-87B9-C4FFF1F0F578}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{F16C1662-1BA8-4570-B5A8-01C085635F11}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
FirewallRules: [{7FE33797-E55E-493C-9E32-E748E2342B54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{61F92D29-CA61-4656-A7FD-F24A64BE6391}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [TCP Query User{5F67513D-7256-4E87-825A-7337B1BA7B71}C:\users\mark\appdata\local\programs\lol-skins-viewer\lolskinsviewer.exe] => (Allow) C:\users\mark\appdata\local\programs\lol-skins-viewer\lolskinsviewer.exe
FirewallRules: [UDP Query User{0682ECAF-8A65-432D-99BD-A9E71886B791}C:\users\mark\appdata\local\programs\lol-skins-viewer\lolskinsviewer.exe] => (Allow) C:\users\mark\appdata\local\programs\lol-skins-viewer\lolskinsviewer.exe
FirewallRules: [{38CCD7E5-99EE-48D3-9A6C-6E6BFDE7C788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists 2\TheEscapists2.exe
FirewallRules: [{0BF66D62-46A0-4CAE-8934-CD2E7984A9E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists 2\TheEscapists2.exe
FirewallRules: [{F2AB1086-8E6D-49A1-BAA9-6020335C4419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{47FF550C-5431-4176-AEF6-91CDF7E9B2F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{DF762B10-83F3-4660-AE3F-9EB889889246}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{CED8A289-06F8-4DC6-9E2D-32FC214E7311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{887AE1C7-B9BF-4A42-8DE1-F26FE086A6FA}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{75FD3F7F-E310-4850-8B7B-EF7AF24F4EF2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{9E2ACC37-E4AB-4D72-B6FF-DDF64D24EA91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7DEC551C-9D10-45A0-897E-1535A3C5EB01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0B9AE1CD-597B-4057-BEA0-946446C624B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48B16272-76C4-49E9-9031-6F5C3874A4AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4E7F58F5-A7DB-4B13-8AFE-B8D2D3BAA4BC}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{ED055563-5467-4CBB-8605-8E9964CFE285}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{F5D30B00-D04B-4B7B-B125-87F70E881BA6}C:\users\mark\desktop\stepmania 5\program\stepmania-sse2.exe] => (Allow) C:\users\mark\desktop\stepmania 5\program\stepmania-sse2.exe
FirewallRules: [UDP Query User{061C303A-CEC7-4F75-9C9E-37C0A0B0194F}C:\users\mark\desktop\stepmania 5\program\stepmania-sse2.exe] => (Allow) C:\users\mark\desktop\stepmania 5\program\stepmania-sse2.exe
FirewallRules: [TCP Query User{48136855-5E86-4049-B0A1-B44DACBAD7CA}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{25669E88-2638-4181-BF37-37EEBF1B18FB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{8C786A71-609A-40B1-9728-C9BCF5917282}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [UDP Query User{76364305-3840-4ECF-ADAF-F385AE58C76D}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [TCP Query User{5B804062-4184-4137-BDF2-2D623C0EAB81}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{FC85B380-3F5F-4A54-870F-629ED8B04B23}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{312B050B-BA98-48E7-BDA4-A4E1736CA4D7}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{2A18C219-CBE5-4FC6-8C1C-F94D0A8EB92A}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{CE78B74C-B3EF-4BAB-B7AE-FA3CAF47E5A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{49FDF73F-1D43-41ED-B106-2BE381042931}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0E08D51C-B5E1-44B1-A719-93C998FF4101}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{5D96EF80-43ED-47FC-9FF4-70BD067F3470}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{FF312F09-AE91-4640-9B30-C2C979114CEC}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{520B88A7-F8B1-434B-98D4-8A750EC4782B}C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe
FirewallRules: [UDP Query User{4075BF30-8AFB-4BCD-BCD9-8470ED436F3A}C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe
FirewallRules: [TCP Query User{1FF5FA28-1900-4E30-867F-C0F0897D31CF}C:\program files (x86)\starcraft ii\versions\base56787\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base56787\sc2.exe
FirewallRules: [UDP Query User{F9561AEE-944C-4099-8FE0-50D47DD0AC48}C:\program files (x86)\starcraft ii\versions\base56787\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base56787\sc2.exe
FirewallRules: [{02EF4B44-A67E-46D6-ACAA-DDDB53598911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{011BBB76-C834-47A1-B5BB-B55DB88E33B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{E6C2B1E8-C09D-40B4-BC0A-318EEC10989E}C:\program files (x86)\starcraft ii\versions\base57507\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base57507\sc2.exe
FirewallRules: [UDP Query User{8FF1E2FB-332A-455E-977D-80F50EA876F2}C:\program files (x86)\starcraft ii\versions\base57507\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base57507\sc2.exe
FirewallRules: [{70D9DFE5-7505-445B-ACE9-98BA9ADC1456}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7A2112A6-F167-4CF5-9894-274AF3774C9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9E728E0-5FE7-45D0-AB44-08A79335A1A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{E50EC3DE-F3EE-4AC1-B3CD-EE6849D7ACF2}C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe
FirewallRules: [UDP Query User{1325D3C5-2D3E-4A62-9298-95212725B25C}C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base57507\sc2_x64.exe
FirewallRules: [TCP Query User{64628C8A-A809-4404-A99A-713FD2C4558D}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe
FirewallRules: [UDP Query User{813E99B3-E203-44BD-8908-7AC2E802D4F8}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe
FirewallRules: [{F3CC062F-A812-44D8-BE59-56650623B714}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{16229BDF-BAB1-4257-8177-8376B82D2657}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [TCP Query User{3C20811A-8588-442A-AAD4-D9CB6E7A006B}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{ACC3B2C5-2413-452C-AA64-CB6834EDA6A2}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{2F438E1F-8DBF-4DA6-AF81-2BEA44A0C61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{F5DA88EE-101D-4809-B687-1BD430F706F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{04CEFB4B-8222-4378-B73D-FA8DFB34266C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{A427BF7F-18EC-40B6-9952-5EFF22581912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{738B045A-5518-4910-928F-36B3CA66C6F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{2F76E40F-E691-42EF-B208-6C9CC9A56694}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{A97ACC46-C96F-43BF-9C47-BAEC91CBBA7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{9C11537B-BC07-4C31-8D0F-4A59DB133E42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{3B483DCA-7E88-40A2-BFA1-928C8F4B3EBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{CB988A82-DF37-4BAC-93CD-033A86074ACB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [TCP Query User{440A0E91-43DE-4146-A2AF-FE53CF2093B6}C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [UDP Query User{D4C70C95-86BC-4321-A66D-2CB34EC270E6}C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base58400\sc2_x64.exe

==================== Restore Points =========================

06-10-2017 08:51:15 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2017 06:48:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wimrpzg.exe, version: 1.0.1.5, time stamp: 0x59cdbcd5
Faulting module name: dbghelp.dll, version: 6.12.2.633, time stamp: 0x4b6734ba
Exception code: 0xc0000005
Fault offset: 0x00041dbb
Faulting process id: 0x29a0
Faulting application start time: 0x01d342eb4fe2187c
Faulting application path: C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
Faulting module path: C:\Users\Mark\AppData\Local\sbbmxwh\dbghelp.dll
Report Id: c0bdcb0b-368b-408c-8096-ea9e6284e7cf
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/11/2017 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wimrpzg.exe, version: 1.0.1.5, time stamp: 0x59cdbcd5
Faulting module name: dbghelp.dll, version: 6.12.2.633, time stamp: 0x4b6734ba
Exception code: 0xc0000005
Fault offset: 0x00041dbb
Faulting process id: 0xc24
Faulting application start time: 0x01d342c840f8269f
Faulting application path: C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
Faulting module path: C:\Users\Mark\AppData\Local\sbbmxwh\dbghelp.dll
Report Id: 68a7f878-e772-47c4-b4fc-a105db48b4ae
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/11/2017 12:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wimrpzg.exe, version: 1.0.1.5, time stamp: 0x59cdbcd5
Faulting module name: dbghelp.dll, version: 6.12.2.633, time stamp: 0x4b6734ba
Exception code: 0xc0000005
Fault offset: 0x00041dbb
Faulting process id: 0x3828
Faulting application start time: 0x01d342b32e8a786d
Faulting application path: C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
Faulting module path: C:\Users\Mark\AppData\Local\sbbmxwh\dbghelp.dll
Report Id: bfbd2f24-78cf-4f39-8a75-ae8de43ee32e
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/11/2017 03:11:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (10/11/2017 03:11:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609

Error: (10/11/2017 03:11:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2017 02:56:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.15063.608, time stamp: 0xb00723ab
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000001320fd8
Faulting process id: 0x2cb4
Faulting application start time: 0x01d3425ac4eba596
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: unknown
Report Id: 20c316bc-f27d-443b-9219-8259989b121a
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/11/2017 01:32:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.15063.608 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 18a4

Start Time: 01d33f8f3d6adbd1

Termination Time: 44

Application Path: C:\Windows\explorer.exe

Report Id: c1ccf43c-9d37-49be-9e5e-d3d2480aa5d4

Faulting package full name: 

Faulting package-relative application ID:

Error: (10/11/2017 12:41:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARK-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/10/2017 05:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wimrpzg.exe, version: 1.0.1.5, time stamp: 0x59cdbcd5
Faulting module name: dbghelp.dll, version: 6.12.2.633, time stamp: 0x4b6734ba
Exception code: 0xc0000005
Fault offset: 0x00041dbb
Faulting process id: 0x544c
Faulting application start time: 0x01d342195c4d001e
Faulting application path: C:\Users\Mark\AppData\Local\sbbmxwh\wimrpzg.exe
Faulting module path: C:\Users\Mark\AppData\Local\sbbmxwh\dbghelp.dll
Report Id: 0fba474e-10e2-4eb9-a7e7-2c1eaa5755c4
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (10/11/2017 12:41:02 AM) (Source: DCOM) (EventID: 10001) (User: MARK-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsAlarms_10.1709.2621.0_x64__8wekyb3d8bbwe!App.AppXwzrz54cs8gbnfgve6ctx6ht4bjw97w0y.mca as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca

Error: (10/07/2017 12:32:06 PM) (Source: WAS) (EventID: 5002) (User: )
Description: Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.

Error: (10/06/2017 01:38:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0845: 2017-09 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4040724).

Error: (10/06/2017 01:32:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/06/2017 01:32:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/06/2017 01:32:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (10/06/2017 01:31:49 PM) (Source: DCOM) (EventID: 10005) (User: MARK-PC)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}

Error: (10/06/2017 01:31:49 PM) (Source: DCOM) (EventID: 10005) (User: MARK-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/06/2017 01:31:44 PM) (Source: DCOM) (EventID: 10005) (User: MARK-PC)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}

Error: (10/06/2017 01:31:41 PM) (Source: DCOM) (EventID: 10005) (User: MARK-PC)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}


CodeIntegrity:
===================================
  Date: 2017-10-06 13:32:51.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 13:21:30.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 12:55:50.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 12:43:23.962
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 12:40:58.392
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 12:35:48.417
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 10:51:00.217
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 10:24:46.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 10:14:12.950
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-06 10:11:39.382
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 49%
Total physical RAM: 16267.06 MB
Available physical RAM: 8190.09 MB
Total Virtual: 32651.06 MB
Available Virtual: 20543.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:621.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E816541E)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3922378D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

 

 

 

 

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply


 

fixlist.txt

Link to post
Share on other sites
HashSlingingSlasher

HashSlingingSlasher

Posted
  • Author
Posted

I do, it's around 32gb. I'll look around for it and here this.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Mark (11-10-2017 22:18:46) Run:1
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
*****************


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo              D:                                         40500     FileInfo                  0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              C:                                         40500     FileInfo                  0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\HarddiskVolumeShadowCopy1          40500     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000003  
IUFileFilter          D:                                        389998     IUFileFilter - Default Instance    0     00000004  
IUFileFilter                                                    389998     IUFileFilter - Default Instance    0     00000004  
IUFileFilter          C:                                        389998     IUFileFilter - Default Instance    0     00000004  
IUFileFilter                                                    389998     IUFileFilter - Default Instance    0     00000004  
IUFileFilter          \Device\HarddiskVolumeShadowCopy1         389998     IUFileFilter - Default Instance    0     00000004  
IUFileFilter          \Device\Mup                               389998     IUFileFilter - Default Instance    0     00000004  
MBAMFarflt                                                      268150     MBAMFarflt                0     00000004  
MBAMFarflt            C:                                        268150     MBAMFarflt                0     00000004  
MBAMFarflt                                                      268150     MBAMFarflt                0     00000004  
MBAMProtection        D:                                        328800     MBAMProtection            0     00000004  
MBAMProtection                                                  328800     MBAMProtection            0     00000004  
MBAMProtection        C:                                        328800     MBAMProtection            0     00000004  
MBAMProtection                                                  328800     MBAMProtection            0     00000004  
MBAMProtection        \Device\HarddiskVolumeShadowCopy1         328800     MBAMProtection            0     00000004  
MBAMProtection        \Device\Mup                               328800     MBAMProtection            0     00000004  
WdFilter              D:                                        328010     WdFilter Instance         0     00000007  Detached
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              C:                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\HarddiskVolumeShadowCopy1         328010     WdFilter Instance         0     00000007  
WdFilter              \Device\Mup                               328010     WdFilter Instance         0     00000007  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   C:                                         40700     Wof Instance              0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   \Device\HarddiskVolumeShadowCopy1          40700     Wof Instance              0     00000003  
diptb                 C:                                         45666     diptb Instance            0     00000000  
diptb                 \Device\Mup                                45666     diptb Instance            0     00000000  
luafv                 C:                                        135000     luafv                     0     00000003  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000000  

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is 6402-84EB

 Directory of C:\Windows\system32\drivers

10/07/2017  12:16 PM    <DIR>          .
10/07/2017  12:16 PM    <DIR>          ..
03/18/2017  03:56 PM           238,080 1394ohci.sys
10/02/2017  03:28 PM            92,640 14f8e71c5bebc40d367bb8e027cd5ee4.sys
07/09/2017  04:41 PM           253,856 1AC5105B.sys
01/08/2017  05:34 AM           250,816 33D505FE.sys
03/18/2017  03:56 PM           107,424 3ware.sys
07/28/2017  12:23 AM           723,360 acpi.sys
03/18/2017  03:56 PM            20,480 AcpiDev.sys
03/18/2017  03:56 PM           127,392 acpiex.sys
03/18/2017  03:56 PM            12,800 acpipagr.sys
03/18/2017  03:56 PM            14,848 acpipmi.sys
03/18/2017  03:56 PM            14,336 acpitime.sys
03/18/2017  03:56 PM         1,135,512 adp80xx.sys
09/05/2017  12:11 AM           610,720 afd.sys
03/18/2017  03:58 PM           108,544 agilevpn.sys
03/18/2017  03:57 PM           239,616 ahcache.sys
03/18/2017  03:56 PM           176,640 amdk8.sys
03/18/2017  03:56 PM           172,544 amdppm.sys
03/18/2017  03:56 PM            83,352 amdsata.sys
03/18/2017  03:56 PM           259,488 amdsbs.sys
03/18/2017  03:56 PM            27,040 amdxata.sys
03/18/2017  03:58 PM           184,736 appid.sys
03/18/2017  03:58 PM            17,920 applockerfltr.sys
03/18/2017  09:30 PM           127,904 AppVStrm.sys
03/18/2017  09:30 PM           161,696 AppvVemgr.sys
03/18/2017  09:30 PM           143,776 AppvVfs.sys
03/18/2017  03:56 PM           132,000 arcsas.sys
09/21/2011  07:56 PM            49,760 asahci64.sys
05/10/2011  06:28 PM            17,192 AsrAppCharger.sys
01/13/2012  02:52 PM            31,016 AsrRamDisk.sys
12/08/2016  04:14 AM           969,560 aswsnx.sys.148118853573407
12/08/2016  04:14 AM           513,496 aswsp.sys.148118853606210
12/08/2016  04:14 AM           292,704 aswvmm.sys.148118853660912
03/18/2017  03:57 PM            28,672 asyncmac.sys
03/18/2017  03:56 PM            29,088 atapi.sys
03/18/2017  03:56 PM           194,464 ataport.sys
03/18/2017  03:56 PM            57,344 BasicDisplay.sys
06/03/2017  04:11 AM            35,840 BasicRender.sys
03/18/2017  03:56 PM            36,256 battc.sys
03/18/2017  03:56 PM             9,728 bcmfn2.sys
03/18/2017  03:57 PM            10,240 beep.sys
03/18/2017  03:56 PM           101,888 bowser.sys
07/27/2017  11:25 PM           115,712 bridge.sys
03/18/2017  03:56 PM            23,552 BtaMPM.sys
03/18/2017  03:56 PM            43,520 BthAvrcpTg.sys
07/27/2017  11:08 PM            97,792 bthhfenum.sys
03/18/2017  03:56 PM            32,256 BthhfHid.sys
03/18/2017  03:56 PM            66,560 bthmodem.sys
09/04/2017  11:28 PM            39,424 buttonconverter.sys
03/18/2017  03:56 PM           533,920 bxvbda.sys
03/18/2017  03:56 PM            53,664 CAD.sys
03/18/2017  03:56 PM           122,880 capimg.sys
03/18/2017  03:57 PM            93,184 cdfs.sys
03/18/2017  03:56 PM           160,256 cdrom.sys
03/18/2017  03:57 PM            77,216 CEA.sys
07/04/2011  05:19 PM         1,632,128 cfosspeed6.sys
03/18/2017  03:56 PM           102,816 cht4dx64.sys
03/18/2017  03:56 PM           347,032 cht4sx64.sys
03/18/2017  03:56 PM         2,104,224 cht4vx64.sys
03/18/2017  03:56 PM            49,152 circlass.sys
03/18/2017  03:57 PM           391,584 Classpnp.sys
03/18/2017  03:58 PM            12,288 cldflt.sys
07/31/2017  09:38 PM           382,368 clfs.sys
03/18/2017  03:58 PM           877,472 ClipSp.sys
03/18/2017  03:56 PM            30,208 CmBatt.sys
03/18/2017  03:56 PM            28,064 cmimcext.sys
03/18/2017  03:58 PM           642,688 cng.sys
03/18/2017  03:57 PM            39,840 cnghwassist.sys
03/18/2017  03:57 PM            56,224 condrv.sys
08/15/2014  04:57 AM           112,808 corsveng2kamd64.sys
03/18/2017  03:57 PM            86,432 crashdmp.sys
03/18/2017  09:30 PM           559,104 csc.sys
06/02/2017  08:10 PM           112,544 dam.sys
03/18/2017  03:56 PM            45,568 devauthe.sys
03/18/2017  03:57 PM           150,528 dfsc.sys
03/18/2017  03:56 PM           102,816 disk.sys
03/18/2017  03:58 PM            38,816 Diskdump.sys
03/18/2017  03:57 PM            15,360 Dmpusbstor.sys
03/18/2017  03:56 PM            47,104 dmvsc.sys
03/18/2017  03:56 PM            97,280 drmk.sys
03/18/2017  03:56 PM            16,232 drmkaud.sys
09/28/2015  05:46 PM            30,264 dtlitescsibus.sys
03/18/2017  03:57 PM            35,744 Dumpata.sys
03/18/2017  03:59 PM            91,152 dumpfve.sys
09/05/2017  12:21 AM           189,344 dumpsd.sys
03/18/2017  03:58 PM            32,256 dumpsdport.sys
03/18/2017  03:57 PM            25,600 Dumpstorport.sys
05/10/2016  03:33 PM           246,720 DuoVMDrv.sys
09/05/2017  12:19 AM         2,443,168 dxgkrnl.sys
06/02/2017  08:10 PM           409,504 dxgmms1.sys
07/31/2017  09:32 PM           712,600 dxgmms2.sys
02/26/2017  02:59 AM           575,528 EasyAntiCheat.sys
03/18/2017  03:57 PM            88,992 EhStorClass.sys
03/18/2017  03:56 PM           119,200 EhStorTcgDrv.sys
06/02/2017  05:23 PM    <DIR>          en-US
03/18/2017  03:56 PM            13,824 errdev.sys
06/02/2017  05:35 PM    <DIR>          etc
03/18/2017  03:56 PM         3,419,040 evbda.sys
05/02/2017  03:27 AM            21,656 evolve.sys
03/18/2017  03:57 PM           347,136 exfat.sys
10/07/2017  12:16 PM           110,016 farflt.sys
06/02/2017  08:10 PM           363,424 fastfat.sys
03/18/2017  03:56 PM            32,768 fdc.sys
06/02/2017  05:23 PM    <DIR>          fi-FI
03/18/2017  03:56 PM            54,272 filecrypt.sys
03/18/2017  03:57 PM            86,432 fileinfo.sys
03/18/2017  03:57 PM            36,864 filetrace.sys
03/18/2017  03:56 PM            26,624 flpydisk.sys
03/18/2017  03:57 PM           386,464 fltMgr.sys
06/28/2017  03:34 AM            32,320 FNETTBOH_305.SYS
08/07/2015  01:49 PM            16,648 FNETURPX.SYS
03/18/2017  03:56 PM            63,904 fsdepends.sys
03/18/2017  03:57 PM            33,688 fs_rec.sys
09/05/2017  12:16 AM           715,168 fvevol.sys
03/18/2017  03:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  03:56 PM            21,504 genericusbfn.sys
03/18/2017  03:57 PM         3,440,660 gm.dls
03/18/2017  03:57 PM               646 gmreadme.txt
03/18/2017  03:58 PM             8,192 gpuenergydrv.sys
06/20/2017  12:12 AM            86,528 hdaudbus.sys
07/02/2012  12:16 PM            62,784 HECIx64.sys
03/18/2017  03:56 PM            38,296 hidbatt.sys
09/04/2017  11:26 PM           107,008 hidbth.sys
03/18/2017  03:56 PM           180,736 hidclass.sys
03/18/2017  03:56 PM            52,224 hidi2c.sys
03/18/2017  03:56 PM            51,104 hidinterrupt.sys
03/18/2017  03:56 PM            46,592 hidir.sys
03/18/2017  03:56 PM            40,960 hidparse.sys
03/18/2017  03:56 PM            40,960 hidusb.sys
03/18/2017  03:56 PM            64,416 HpSAMD.sys
07/07/2017  02:07 AM         1,106,848 http.sys
03/18/2017  03:57 PM            74,648 hvservice.sys
03/18/2017  03:56 PM           118,688 hvsocket.sys
03/18/2017  03:57 PM            29,600 hwpolicy.sys
03/18/2017  03:56 PM            16,896 hyperkbd.sys
03/18/2017  03:56 PM           115,200 i8042prt.sys
03/18/2017  03:56 PM            33,280 iagpio.sys
03/18/2017  03:56 PM            81,408 iai2c.sys
03/18/2017  03:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  03:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  03:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  03:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  03:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  03:56 PM           113,152 iaLPSSi_I2C.sys
09/01/2012  08:01 PM           647,736 iaStorA.sys
03/18/2017  03:56 PM           673,184 iaStorAV.sys
03/18/2017  03:56 PM           412,064 iaStorV.sys
03/18/2017  03:56 PM           526,240 ibbus.sys
05/13/2017  06:54 AM         3,811,288 igdkmd64.sys
02/09/2012  06:24 PM            25,536 ikbevent.sys
02/09/2012  06:24 PM            25,536 imsevent.sys
03/18/2017  03:58 PM            36,864 IndirectKmd.sys
08/21/2015  11:50 AM           463,112 IntcDAud.sys
12/01/2015  02:46 PM            50,160 intelaud.sys
03/18/2017  03:56 PM            19,360 intelide.sys
07/18/2012  08:57 AM            15,168 IntelMEFWVer.dll
03/18/2017  03:56 PM            74,840 intelpep.sys
03/18/2017  03:56 PM           193,536 intelppm.sys
03/18/2017  03:57 PM            49,568 iorate.sys
03/18/2017  03:57 PM            87,040 ipfltdrv.sys
03/18/2017  03:56 PM            92,064 IPMIDrv.sys
03/18/2017  03:58 PM           214,528 ipnat.sys
03/18/2017  03:57 PM           120,320 irda.sys
03/18/2017  03:57 PM            19,968 irenum.sys
03/18/2017  03:56 PM            22,944 isapnp.sys
07/30/2013  10:32 PM            47,008 ISCTD64.sys
02/26/2012  02:01 PM            16,152 iusb3hcs.sys
12/01/2015  02:46 PM            38,896 iwdbus.sys
03/18/2017  03:56 PM           446,464 k57nd60a.sys
03/18/2017  03:56 PM            64,416 kbdclass.sys
03/18/2017  03:56 PM            40,448 kbdhid.sys
03/18/2017  03:56 PM            23,040 kdnic.sys
03/18/2017  03:58 PM           390,144 ks.sys
09/05/2017  12:27 AM           136,096 ksecdd.sys
03/18/2017  03:58 PM           170,912 ksecpkg.sys
06/02/2017  08:10 PM            27,136 ksthunk.sys
03/18/2017  03:58 PM            66,560 lltdio.sys
03/18/2017  03:56 PM           108,960 lsi_sas.sys
03/18/2017  03:56 PM           123,808 lsi_sas2i.sys
03/18/2017  03:56 PM           103,328 lsi_sas3i.sys
03/18/2017  03:56 PM            82,848 lsi_sss.sys
03/18/2017  03:57 PM           124,928 luafv.sys
03/18/2017  03:56 PM           405,408 mausbhost.sys
03/18/2017  03:56 PM            51,104 mausbip.sys
09/27/2017  09:37 AM            77,440 mbae64.sys
10/07/2017  12:16 PM            45,504 mbam.sys
10/05/2017  08:43 AM           192,952 MbamChameleon.sys
10/06/2017  01:33 PM           252,232 mbamswissarmy.sys
11/17/2009  06:12 PM            32,344 MBfilt64.sys
03/18/2017  03:57 PM            23,552 mcd.sys
03/18/2017  03:56 PM            59,808 megasas.sys
03/18/2017  03:56 PM            64,416 MegaSas2i.sys
03/18/2017  03:56 PM           575,904 megasr.sys
03/18/2017  03:56 PM           842,656 mlx4_bus.sys
03/18/2017  03:57 PM            50,688 mmcss.sys
03/18/2017  03:57 PM            42,496 modem.sys
03/18/2017  03:56 PM            39,424 monitor.sys
03/18/2017  03:56 PM            60,320 mouclass.sys
03/18/2017  03:56 PM            33,280 mouhid.sys
03/18/2017  03:57 PM           105,880 mountmgr.sys
03/18/2017  03:58 PM            76,800 mpsdrv.sys
06/02/2017  08:04 PM           177,664 mqac.sys
03/18/2017  03:57 PM           144,384 mrxdav.sys
03/18/2017  03:57 PM           467,352 mrxsmb.sys
07/07/2017  01:08 AM           285,696 mrxsmb10.sys
09/05/2017  12:16 AM           228,256 mrxsmb20.sys
03/18/2017  03:57 PM            31,744 msfs.sys
11/28/2012  05:56 PM                 3 MsftWdf_Kernel_01011_Inbox_Critical.Wdf
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  03:57 PM           169,888 msgpioclx.sys
03/18/2017  03:56 PM            49,056 msgpiowin32.sys
03/18/2017  03:57 PM             8,704 mshidkmdf.sys
03/18/2017  03:57 PM            12,288 mshidumdf.sys
03/18/2017  03:56 PM            19,352 msisadrv.sys
07/28/2017  12:20 AM           279,968 msiscsi.sys
06/20/2017  12:14 AM            32,768 mskssrv.sys
03/18/2017  03:57 PM            83,456 mslldp.sys
03/18/2017  03:58 PM            10,752 mspclock.sys
03/18/2017  03:58 PM            10,752 mspqm.sys
03/18/2017  03:57 PM           367,000 msrpc.sys
03/18/2017  09:31 PM           230,816 mssecflt.sys
03/18/2017  03:56 PM            44,960 mssmbios.sys
03/18/2017  03:58 PM            12,800 mstee.sys
03/18/2017  03:56 PM            16,896 MTConfig.sys
03/18/2017  03:57 PM           123,808 mup.sys
03/18/2017  03:56 PM            63,904 mvumis.sys
10/07/2017  12:16 PM            94,144 mwac.sys
03/18/2017  03:56 PM           108,960 ndfltr.sys
09/05/2017  12:23 AM         1,242,528 ndis.sys
03/18/2017  03:57 PM            50,688 ndiscap.sys
03/18/2017  03:57 PM           128,512 NdisImPlatform.sys
03/18/2017  03:58 PM            27,136 ndistapi.sys
03/18/2017  03:58 PM            65,536 ndisuio.sys
03/18/2017  03:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  03:58 PM           192,000 ndiswan.sys
03/18/2017  03:58 PM            62,464 ndproxy.sys
03/18/2017  03:58 PM           127,488 Ndu.sys
03/18/2017  03:57 PM           122,368 NetAdapterCx.sys
03/18/2017  03:57 PM            57,760 netbios.sys
09/04/2017  11:23 PM           305,152 netbt.sys
09/05/2017  12:24 AM           519,584 netio.sys
06/02/2017  08:10 PM           118,784 netvsc.sys
03/18/2017  03:57 PM            69,120 npfs.sys
03/18/2017  03:56 PM            27,136 npsvctrig.sys
09/04/2017  11:25 PM            43,520 nsiproxy.sys
07/28/2017  12:24 AM         2,327,456 ntfs.sys
03/18/2017  03:57 PM            20,376 ntosext.sys
03/18/2017  03:57 PM             7,680 null.sys
03/18/2017  03:56 PM            80,896 nvdimmn.sys
06/27/2017  05:39 PM           218,712 nvhda64v.sys
03/18/2017  03:56 PM           150,432 nvraid.sys
03/18/2017  03:56 PM           166,304 nvstor.sys
08/17/2017  11:37 PM            48,064 nvvad64v.sys
08/21/2017  08:01 PM            57,976 nvvhci.sys
03/18/2017  03:58 PM           549,888 nwifi.sys
03/18/2017  03:57 PM           152,992 pacer.sys
03/18/2017  03:56 PM            97,792 parport.sys
09/05/2017  12:25 AM           159,648 partmgr.sys
03/18/2017  03:56 PM           353,696 pci.sys
03/18/2017  03:56 PM            16,800 pciide.sys
03/18/2017  03:56 PM            53,656 pciidex.sys
03/18/2017  03:56 PM           120,224 pcmcia.sys
03/18/2017  03:57 PM            52,640 pcw.sys
07/07/2017  02:24 AM           117,664 pdc.sys
03/18/2017  03:58 PM           741,376 PEAuth.sys
03/18/2017  03:56 PM            58,784 percsas2i.sys
03/18/2017  03:56 PM            61,848 percsas3i.sys
03/18/2017  03:56 PM           101,376 pmem.sys
03/18/2017  03:56 PM           373,248 portcls.sys
03/18/2017  03:56 PM           172,032 processr.sys
03/18/2017  03:57 PM            49,664 qwavedrv.sys
10/06/2017  10:04 AM           116,560 raeeilor.sys
03/18/2017  03:57 PM            17,920 rasacd.sys
03/18/2017  03:58 PM           107,008 rasl2tp.sys
03/18/2017  03:57 PM            81,920 raspppoe.sys
03/18/2017  03:58 PM            97,792 raspptp.sys
03/18/2017  03:58 PM            79,872 rassstp.sys
03/18/2017  03:57 PM           434,080 rdbss.sys
03/18/2017  09:31 PM            27,136 rdpbus.sys
03/18/2017  09:30 PM           183,296 rdpdr.sys
03/18/2017  09:30 PM            30,624 rdpvideominiport.sys
03/18/2017  03:57 PM           282,528 rdyboost.sys
03/18/2017  03:57 PM         1,735,584 refs.sys
03/18/2017  03:57 PM           936,864 refsv1.sys
03/18/2017  03:57 PM            14,336 registry.sys
03/18/2017  03:56 PM            40,960 RfxVmt.sys
03/18/2017  03:57 PM           150,016 rmcast.sys
03/18/2017  03:57 PM            34,816 RNDISMP.sys
03/18/2017  03:56 PM            34,816 rndismpx.sys
06/02/2017  08:10 PM            13,312 rootmdm.sys
03/18/2017  03:58 PM            82,432 rspndr.sys
01/31/2012  04:02 AM           223,608 RTAIODAT.DAT
01/31/2012  06:14 AM         4,739,304 RTKVHD64.sys
10/15/2010  06:20 AM         2,261,764 rtvienna.dat
06/23/2016  06:55 AM            51,736 rzendpt.sys
09/16/2016  07:12 PM            44,144 rzpmgrk.sys
10/08/2016  01:56 AM           137,840 rzpnk.sys
06/23/2016  06:55 AM           203,288 rzudd.sys
03/18/2017  03:56 PM           110,496 sbp2port.sys
03/18/2017  03:57 PM            43,520 scfilter.sys
03/18/2017  03:56 PM            91,040 scmbus.sys
03/18/2017  03:57 PM           175,520 scsiport.sys
09/05/2017  12:30 AM           287,648 sdbus.sys
03/18/2017  03:56 PM            31,128 SDFRd.sys
03/18/2017  03:56 PM            98,208 sdport.sys
03/18/2017  03:56 PM            94,624 sdstor.sys
03/18/2017  03:57 PM            75,680 SerCx.sys
03/18/2017  03:57 PM           154,016 SerCx2.sys
03/18/2017  03:56 PM            26,112 serenum.sys
03/18/2017  03:56 PM            84,480 serial.sys
03/18/2017  03:56 PM            28,672 sermouse.sys
03/27/2017  10:32 PM            47,552 SETAA07.tmp
10/06/2017  10:11 AM           252,232 SETAAF6.tmp
10/06/2017  12:40 PM           252,232 SETBB04.tmp
10/06/2017  10:22 AM           252,232 SETBD55.tmp
10/06/2017  10:51 AM           252,232 SETBDA3.tmp
07/28/2017  12:15 AM           554,400 SETC459.tmp
04/03/2017  09:49 AM        14,841,784 SETF8B6.tmp
03/18/2017  03:56 PM            18,432 sfloppy.sys
03/18/2017  03:56 PM            44,960 sisraid2.sys
03/18/2017  03:56 PM            81,824 sisraid4.sys
03/18/2017  03:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  03:57 PM            21,504 smclib.sys
03/18/2017  03:56 PM           167,328 spacedump.sys
03/18/2017  03:56 PM           587,168 spaceport.sys
03/18/2017  09:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  03:57 PM            80,288 SpbCx.sys
06/02/2017  08:10 PM           414,208 srv.sys
06/02/2017  08:10 PM           722,944 srv2.sys
09/04/2017  11:11 PM           254,976 srvnet.sys
09/05/2016  05:47 AM           131,712 ssudbus.sys
09/05/2016  05:47 AM           165,504 ssudmdm.sys
03/18/2017  03:56 PM            31,136 stexstor.sys
06/02/2017  08:10 PM           144,288 storahci.sys
03/18/2017  03:56 PM            95,648 stornvme.sys
09/05/2017  12:16 AM           546,208 storport.sys
03/18/2017  03:58 PM            79,872 storqosflt.sys
03/18/2017  03:56 PM            36,760 storufs.sys
03/18/2017  03:56 PM            36,768 storvsc.sys
03/18/2017  03:57 PM            75,776 stream.sys
03/18/2017  03:56 PM            18,336 swenum.sys
03/18/2017  03:56 PM            64,512 Synth3dVsc.sys
03/18/2017  03:57 PM            31,232 tape.sys
03/18/2017  03:57 PM            28,064 tbs.sys
09/05/2017  12:11 AM         2,675,104 tcpip.sys
03/18/2017  03:57 PM            51,712 tcpipreg.sys
03/18/2017  03:57 PM            40,352 tdi.sys
07/31/2017  09:36 PM           119,712 tdx.sys
03/18/2017  09:31 PM            37,280 terminpt.sys
06/03/2017  05:10 AM           130,464 tm.sys
06/03/2017  05:00 AM           219,040 tpm.sys
03/18/2017  03:56 PM            61,440 TsUsbFlt.sys
03/18/2017  03:56 PM            35,328 TsUsbGD.sys
03/18/2017  09:30 PM           125,952 tsusbhub.sys
03/18/2017  03:58 PM           162,304 tunnel.sys
03/18/2017  03:56 PM            78,752 uaspstor.sys
09/04/2017  11:27 PM           104,960 UcmCx.sys
03/18/2017  03:58 PM           179,200 UcmTcpciCx.sys
07/27/2017  11:27 PM            51,712 UcmUcsi.sys
03/18/2017  03:56 PM           213,920 Ucx01000.sys
03/18/2017  03:56 PM            45,568 Udecx.sys
03/18/2017  03:57 PM           324,096 udfs.sys
03/18/2017  03:56 PM            29,600 uefi.sys
03/18/2017  09:31 PM            40,344 UevAgentDriver.sys
03/18/2017  03:58 PM           263,584 ufx01000.sys
03/18/2017  03:56 PM            98,712 UfxChipidea.sys
03/18/2017  03:56 PM           138,656 ufxsynopsys.sys
03/18/2017  03:56 PM            57,856 umbus.sys
09/13/2017  12:34 AM    <DIR>          UMDF
03/18/2017  03:56 PM            14,336 umpass.sys
03/18/2017  03:56 PM            29,600 urschipidea.sys
03/18/2017  03:58 PM            59,288 urscx01000.sys
03/18/2017  03:56 PM            28,064 urssynopsys.sys
02/26/2012  02:00 PM            41,984 USB3Ver.dll
03/18/2017  03:57 PM            23,040 usb8023.sys
03/18/2017  03:56 PM            23,040 usb8023x.sys
03/18/2017  03:57 PM            37,888 USBCAMD2.sys
03/18/2017  03:56 PM           173,984 usbccgp.sys
03/18/2017  03:56 PM           103,424 usbcir.sys
03/18/2017  03:56 PM            32,160 usbd.sys
03/18/2017  03:56 PM            98,200 usbehci.sys
03/18/2017  03:56 PM           511,904 usbhub.sys
09/18/2017  06:09 PM           554,400 USBHUB3.SYS
03/18/2017  03:56 PM            30,720 usbohci.sys
03/18/2017  03:56 PM           466,336 usbport.sys
03/18/2017  03:56 PM            27,136 usbprint.sys
03/18/2017  03:56 PM            32,768 usbrpm.sys
09/04/2017  11:28 PM            71,680 usbser.sys
03/18/2017  03:56 PM           131,488 USBSTOR.SYS
03/18/2017  03:56 PM            35,328 usbuhci.sys
06/02/2017  08:10 PM           388,000 USBXHCI.SYS
12/15/2015  02:40 PM         1,994,864 vasdDev.sys
03/18/2017  03:56 PM            54,176 vdrvroot.sys
03/18/2017  03:57 PM           215,456 VerifierExt.sys
06/02/2017  08:10 PM           730,016 vhdmp.sys
03/18/2017  03:56 PM            35,328 vhf.sys
03/18/2017  03:57 PM            49,664 videoprt.sys
07/31/2017  09:30 PM            82,336 vmbkmcl.sys
07/31/2017  08:44 PM            83,968 vmbkmclr.sys
03/18/2017  03:56 PM           107,424 vmbus.sys
03/18/2017  03:56 PM            25,088 VMBusHID.sys
03/18/2017  03:56 PM            13,824 vmgencounter.sys
03/18/2017  03:56 PM            10,240 vmgid.sys
04/14/2016  05:17 PM            33,472 VMkbd.sys
03/18/2017  03:56 PM             9,216 vms3cap.sys
03/18/2017  03:56 PM            47,520 vmstorfl.sys
03/18/2017  03:56 PM            83,360 volmgr.sys
03/18/2017  03:57 PM           373,664 volmgrx.sys
03/18/2017  03:57 PM           397,216 volsnap.sys
03/18/2017  03:56 PM            16,288 volume.sys
03/18/2017  03:56 PM            74,656 vpci.sys
03/18/2017  03:56 PM           166,816 vsmraid.sys
03/18/2017  03:56 PM           305,568 VSTXRAID.SYS
03/18/2017  03:58 PM            27,136 vwifibus.sys
03/18/2017  03:58 PM            77,312 vwififlt.sys
03/18/2017  03:58 PM            41,472 vwifimp.sys
03/18/2017  03:56 PM            30,720 wacompen.sys
03/18/2017  03:58 PM            81,408 wanarp.sys
03/18/2017  03:57 PM            55,808 watchdog.sys
06/20/2017  01:00 AM           142,752 wcifs.sys
03/18/2017  03:57 PM            72,192 wcnfs.sys
03/18/2017  03:56 PM            44,632 WdBoot.sys
03/18/2017  03:57 PM           902,376 Wdf01000.sys
03/18/2017  03:56 PM           294,816 WdFilter.sys
03/18/2017  03:57 PM            61,672 WdfLdr.sys
06/20/2017  12:07 AM           757,248 WdiWiFi.sys
03/18/2017  03:56 PM           121,248 WdNisDrv.sys
03/18/2017  03:57 PM            46,488 werkernel.sys
03/18/2017  03:57 PM           164,768 wfplwfs.sys
03/18/2017  03:57 PM            35,744 wimmount.sys
03/18/2017  03:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  03:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  03:56 PM            31,648 winhv.sys
03/18/2017  03:57 PM            55,296 winhvr.sys
03/18/2017  03:56 PM            32,160 winmad.sys
03/18/2017  03:58 PM           217,088 winnat.sys
03/18/2017  03:56 PM            90,112 winusb.sys
03/18/2017  03:56 PM            64,920 winverbs.sys
03/18/2017  03:56 PM            18,432 wmiacpi.sys
03/18/2017  03:57 PM            20,384 wmilib.sys
03/18/2017  03:57 PM           208,288 wof.sys
03/18/2017  03:59 PM            30,624 WpdUpFltr.sys
03/18/2017  03:57 PM            33,184 WppRecorder.sys
10/06/2017  01:32 PM            34,752 WPRO_41_2001.sys
03/18/2017  03:57 PM            23,552 ws2ifsl.sys
03/18/2017  03:57 PM           100,864 WUDFPf.sys
03/18/2017  03:57 PM           220,672 WUDFRd.sys
06/02/2017  08:10 PM           277,504 xboxgip.sys
03/18/2017  03:56 PM            46,592 xinputhid.sys
             444 File(s)    111,720,692 bytes
               6 Dir(s)  666,276,376,576 bytes free

========= End of CMD: =========


==== End of Fixlog 22:18:47 ====

Link to post
Share on other sites
Aura

Aura

Posted
Posted

And now for the fun part.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt

Link to post
Share on other sites
HashSlingingSlasher

HashSlingingSlasher

Posted
  • Author
Posted (edited)

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by Mark (17-10-2017 13:55:01) Run:5
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: cd /
CMD: dir /a C:
CMD: dir /a
*****************


========= cd / =========


========= End of CMD: =========


========= dir /a C: =========

 Volume in drive C has no label.
 Volume Serial Number is 6402-84EB

 Directory of C:\Users\Mark\Desktop

10/17/2017  01:55 PM    <DIR>          .
10/17/2017  01:55 PM    <DIR>          ..
09/17/2017  01:21 AM       581,254,853 (?????) [130722][RJ118890][?????] ???????????~???????????~ (files).rar
09/22/2017  11:04 AM         1,066,241 001.jpg
08/12/2017  09:54 AM         1,108,375 18.png
01/22/2015  05:06 PM    <DIR>          3MLE
09/08/2017  02:38 PM        10,773,652 Ana.mp4
01/19/2017  04:49 AM    <DIR>          ANIMAY
10/05/2016  02:20 AM                43 ANUIME.txt
07/31/2017  04:02 PM               737 asdasd.txt
10/06/2017  04:24 AM        40,322,959 ASMR.mp3
02/08/2015  11:29 PM    <DIR>          braver
09/17/2017  02:38 AM    <DIR>          Breaking Bad
01/24/2017  03:25 PM    <DIR>          Celestia
03/23/2016  10:23 PM            42,267 cover letter.png
08/12/2015  06:07 PM        12,191,757 Custom Maid 3D 2 HF Patch.exe
10/13/2017  11:14 AM               282 desktop.ini
08/10/2017  11:44 PM            78,272 DG54uZ9WAAIF97V.jpg-large
08/08/2015  04:55 AM        30,570,778 dlholp.swf
04/15/2015  12:31 AM    <DIR>          Dolphin-x64
09/04/2017  08:47 PM    <DIR>          Dou
01/01/2015  07:27 PM            12,465 emails.txt
04/18/2016  01:52 AM            17,408 FastClicker.exe
02/13/2017  07:56 PM    <DIR>          fe bb
01/19/2015  01:01 AM             2,515 FE PAIRS.txt
10/17/2017  01:55 PM                38 fixlist.txt
10/17/2017  01:55 PM               463 Fixlog.txt
08/21/2015  03:18 AM                19 flushdns.cmd
10/17/2017  01:52 PM         2,401,792 FRST64.exe
07/21/2017  08:53 AM    <DIR>          censored HOLD IT DOWN
07/30/2017  11:47 AM         1,674,072 giphy (1).gif
07/08/2017  07:58 PM         6,544,810 giphy.gif
09/21/2017  09:49 PM         1,217,060 giphy.webp
07/09/2017  03:43 PM    <DIR>          GRANBLUE
08/03/2017  03:53 PM               223 GRANMBLUE ACC.txt
10/17/2017  01:54 PM    <DIR>          Hent
07/30/2017  11:54 AM            29,312 hqdefault.jpg
07/31/2017  10:58 PM    <DIR>          Immoral Sisters II
09/04/2017  08:51 PM    <DIR>          Kek
09/22/2017  11:42 AM           274,902 kek.png
10/12/2017  12:54 AM           254,285 kingdom-3982417.jpg
10/09/2017  03:03 PM    <DIR>          LEAGUESADKLJASL
08/29/2016  01:43 AM    <DIR>          Liru1.0.0.6
10/09/2017  02:59 PM         1,707,295 LoL.png
01/11/2017  01:21 AM           317,012 LUIS.png
10/17/2017  01:48 PM    <DIR>          Ma.ga.ochiru.yoru
01/19/2017  07:00 AM    <DIR>          Maki
10/10/2017  09:01 AM            48,640 Marvelous-SakuraFutaba-by-KatsuDansou.webp
10/17/2017  01:51 PM    <DIR>          memed
09/04/2017  06:26 PM    <DIR>          Movies
06/26/2017  03:53 AM               966 Multi-MEmu.lnk
06/28/2017  07:39 AM    <DIR>          Music
08/08/2015  04:59 AM         6,088,611 natsume2.swf
09/30/2014  09:50 PM    <DIR>          NEW ORDER
10/05/2017  03:27 AM    <DIR>          NEWER
06/14/2016  10:43 PM    <DIR>          oesa
02/18/2017  07:21 PM    <DIR>          Oxygen.Not.Included
06/01/2017  03:04 PM    <DIR>          Pictures of Destiny
10/09/2017  11:10 AM    <DIR>          Play the Yufin
10/13/2017  12:13 PM        21,593,003 PM 11.zip
02/04/2017  07:14 PM    <DIR>          POOPADOOP
05/12/2017  05:37 AM             2,044 Raidy3.lnk
10/11/2017  03:02 AM    <DIR>          RealTemp_370
03/23/2016  10:01 PM            55,880 Resume.png
08/29/2016  01:31 AM    <DIR>          Rondo Duo -Yoake no Fortissimo- Punyu Puri ff
10/05/2017  03:58 AM    <DIR>          SAMURAI QUACK QUACK
10/13/2017  12:34 PM       379,860,456 Shohin-Mei Yome Ga - Ni Narimashite.zip
07/26/2015  07:29 PM    <DIR>          SPLATOON
02/11/2017  08:36 PM    <DIR>          Star Wars The Clone Wars
11/11/2015  07:14 AM    <DIR>          StepMania 5
10/13/2017  12:12 PM        13,774,351 Strength and II.zip
10/11/2017  01:59 AM    <DIR>          Teaching Feeling
08/13/2017  10:44 PM           926,555 tenor.gif
10/17/2017  01:34 AM         1,505,091 unknown.png
09/12/2017  03:13 AM    <DIR>          VisualBoyAdvance-1.8.0-beta3
06/01/2017  03:04 PM    <DIR>          WALLPAPER
06/27/2017  01:06 AM    <DIR>          XCOM.2-CODEX
12/30/2016  02:26 AM    <DIR>          YOU
09/28/2015  06:24 PM    <DIR>          [150724] [KISS] ???????3D 2 + Dancer Set + Manual + Update 1.01
05/17/2017  03:58 AM    <DIR>          [anime4life.] FullMetal Alchemist BrotherHood 1-64 (BDRip 1080p AC3)
04/07/2015  04:20 AM    <DIR>          ?????????
09/17/2017  02:43 AM    <DIR>          ???????????~???????????~
              38 File(s)  1,115,719,484 bytes
              44 Dir(s)  652,165,406,720 bytes free

========= End of CMD: =========


========= dir /a =========

 Volume in drive C has no label.
 Volume Serial Number is 6402-84EB

 Directory of C:\Users\Mark\Desktop

10/17/2017  01:55 PM    <DIR>          .
10/17/2017  01:55 PM    <DIR>          ..
09/17/2017  01:21 AM       581,254,853 (?????) [130722][RJ118890][?????] ???????????~???????????~ (files).rar
09/22/2017  11:04 AM         1,066,241 001.jpg
08/12/2017  09:54 AM         1,108,375 18.png
01/22/2015  05:06 PM    <DIR>          3MLE
09/08/2017  02:38 PM        10,773,652 Ana.mp4
01/19/2017  04:49 AM    <DIR>          ANIMAY
10/05/2016  02:20 AM                43 ANUIME.txt
07/31/2017  04:02 PM               737 asdasd.txt
10/06/2017  04:24 AM        40,322,959 ASMR.mp3
02/08/2015  11:29 PM    <DIR>          braver
09/17/2017  02:38 AM    <DIR>          Breaking Bad
01/24/2017  03:25 PM    <DIR>          Celestia
03/23/2016  10:23 PM            42,267 cover letter.png
08/12/2015  06:07 PM        12,191,757 Custom Maid 3D 2 HF Patch.exe
10/13/2017  11:14 AM               282 desktop.ini
08/10/2017  11:44 PM            78,272 DG54uZ9WAAIF97V.jpg-large
08/08/2015  04:55 AM        30,570,778 dlholp.swf
04/15/2015  12:31 AM    <DIR>          Dolphin-x64
09/04/2017  08:47 PM    <DIR>          Dou
01/01/2015  07:27 PM            12,465 emails.txt
04/18/2016  01:52 AM            17,408 FastClicker.exe
02/13/2017  07:56 PM    <DIR>          fe bb
01/19/2015  01:01 AM             2,515 FE PAIRS.txt
10/17/2017  01:55 PM                38 fixlist.txt
10/17/2017  01:55 PM             5,273 Fixlog.txt
08/21/2015  03:18 AM                19 flushdns.cmd
10/17/2017  01:52 PM         2,401,792 FRST64.exe
07/21/2017  08:53 AM    <DIR>          censored HOLD IT DOWN
07/30/2017  11:47 AM         1,674,072 giphy (1).gif
07/08/2017  07:58 PM         6,544,810 giphy.gif
09/21/2017  09:49 PM         1,217,060 giphy.webp
07/09/2017  03:43 PM    <DIR>          GRANBLUE
08/03/2017  03:53 PM               223 GRANMBLUE ACC.txt
10/17/2017  01:54 PM    <DIR>          Hent
07/30/2017  11:54 AM            29,312 hqdefault.jpg
07/31/2017  10:58 PM    <DIR>          Immoral Sisters II
09/04/2017  08:51 PM    <DIR>          Kek
09/22/2017  11:42 AM           274,902 kek.png
10/12/2017  12:54 AM           254,285 kingdom-3982417.jpg
10/09/2017  03:03 PM    <DIR>          LEAGUESADKLJASL
08/29/2016  01:43 AM    <DIR>          Liru1.0.0.6
10/09/2017  02:59 PM         1,707,295 LoL.png
01/11/2017  01:21 AM           317,012 LUIS.png
10/17/2017  01:48 PM    <DIR>          Ma.ga.ochiru.yoru
01/19/2017  07:00 AM    <DIR>          Maki
10/10/2017  09:01 AM            48,640 Marvelous-SakuraFutaba-by-KatsuDansou.webp
10/17/2017  01:51 PM    <DIR>          memed
09/04/2017  06:26 PM    <DIR>          Movies
06/26/2017  03:53 AM               966 Multi-MEmu.lnk
06/28/2017  07:39 AM    <DIR>          Music
08/08/2015  04:59 AM         6,088,611 natsume2.swf
09/30/2014  09:50 PM    <DIR>          NEW ORDER
10/05/2017  03:27 AM    <DIR>          NEWER
06/14/2016  10:43 PM    <DIR>          oesa
02/18/2017  07:21 PM    <DIR>          Oxygen.Not.Included
06/01/2017  03:04 PM    <DIR>          Pictures of Destiny
10/09/2017  11:10 AM    <DIR>          Play the Yufin
10/13/2017  12:13 PM        21,593,003 PM 11.zip
02/04/2017  07:14 PM    <DIR>          POOPADOOP
05/12/2017  05:37 AM             2,044 Raidy3.lnk
10/11/2017  03:02 AM    <DIR>          RealTemp_370
03/23/2016  10:01 PM            55,880 Resume.png
08/29/2016  01:31 AM    <DIR>          Rondo Duo -Yoake no Fortissimo- Punyu Puri ff
10/05/2017  03:58 AM    <DIR>          SAMURAI QUACK QUACK
10/13/2017  12:34 PM       379,860,456 Shohin-Mei Yome Ga - Ni Narimashite.zip
07/26/2015  07:29 PM    <DIR>          SPLATOON
02/11/2017  08:36 PM    <DIR>          Star Wars The Clone Wars
11/11/2015  07:14 AM    <DIR>          StepMania 5
10/13/2017  12:12 PM        13,774,351 Strength and II.zip
10/11/2017  01:59 AM    <DIR>          Teaching Feeling
08/13/2017  10:44 PM           926,555 tenor.gif
10/17/2017  01:34 AM         1,505,091 unknown.png
09/12/2017  03:13 AM    <DIR>          VisualBoyAdvance-1.8.0-beta3
06/01/2017  03:04 PM    <DIR>          WALLPAPER
06/27/2017  01:06 AM    <DIR>          XCOM.2-CODEX
12/30/2016  02:26 AM    <DIR>          YOU
09/28/2015  06:24 PM    <DIR>          [150724] [KISS] ???????3D 2 + Dancer Set + Manual + Update 1.01
05/17/2017  03:58 AM    <DIR>          [anime4life.] FullMetal Alchemist BrotherHood 1-64 (BDRip 1080p AC3)
04/07/2015  04:20 AM    <DIR>          ?????????
09/17/2017  02:43 AM    <DIR>          ???????????~???????????~
              38 File(s)  1,115,724,294 bytes
              44 Dir(s)  652,165,398,528 bytes free

========= End of CMD: =========


==== End of Fixlog 13:55:02 ====

Edited by HashSlingingSlasher
Link to post
Share on other sites
Aura

Aura

Posted
Posted

Alright this isn't working. Open a command prompt with Admin Rights, and enter the two commands below (after each, press on Enter). 

cd /
dir /a >> "%userprofile%\Desktop\output.txt"

A file called output.txt should be on your desktop. Attach it here so I can review it.

Link to post
Share on other sites
HashSlingingSlasher

HashSlingingSlasher

Posted
  • Author
Posted

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by Mark (17-10-2017 16:31:58) Run:6
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\$WINDOWS.~BT
C:\$Windows.~WS
C:\161.tmp
C:\5FB3.tmp
C:\AVScanner.ini
C:\ComboFix.txt
C:\D215.tmp
C:\Qoobox
*****************

C:\$WINDOWS.~BT => moved successfully
C:\$Windows.~WS => moved successfully
C:\161.tmp => moved successfully
C:\5FB3.tmp => moved successfully
C:\AVScanner.ini => moved successfully
C:\ComboFix.txt => moved successfully
C:\D215.tmp => moved successfully
C:\Qoobox => moved successfully

==== End of Fixlog 16:32:01 ====

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.