JaredNolan Posted December 22, 2017 ID:1193683 Share Posted December 22, 2017 Downloaded something now I have a virus which causes my GPU to idle at 75% I've downloaded & tried Chameleon to no avail. Been trying to use guides on how to end prgram blocking processess such as rkill but nothing works. Link to post Share on other sites More sharing options...
Aura Posted December 22, 2017 ID:1193717 Share Posted December 22, 2017 Hi JaredNolan My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry! If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely goneThis being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content. https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
Aura Posted December 25, 2017 ID:1194409 Share Posted December 25, 2017 Hi JaredNolan, Are you still with me? Link to post Share on other sites More sharing options...
JaredNolan Posted December 25, 2017 Author ID:1194476 Share Posted December 25, 2017 6 hours ago, Aura said: Hi JaredNolan, Are you still with me? Yes I apologize I went away for Christmas but I'm here now! Link to post Share on other sites More sharing options...
JaredNolan Posted December 25, 2017 Author ID:1194479 Share Posted December 25, 2017 6 hours ago, Aura said: Hi JaredNolan, Are you still with me? 6 hours ago, Aura said: Hi JaredNolan, Are you still with me? Yes I apologize I went away for Christmas but I'm here now! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01 Ran by Jared (administrator) on JAREDS-PC (25-12-2017 17:47:06) Running from C:\Users\Jared\Desktop Loaded Profiles: Jared (Available Profiles: Jared) Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegisterService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe () D:\tunnelbear\TunnelBear.Maintenance.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Apple Inc.) D:\iTunesHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (juvlarN) C:\Users\Jared\Desktop\vibranceGUI.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegister.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe (Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe (Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-30] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.) HKLM-x32\...\Run: [MSIRegister] => D:\MSIRegister\MSIRegister.exe [1258448 2016-11-09] (Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel) HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation) HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [vibranceGUI] => C:\Users\Jared\Desktop\vibranceGUI.exe [797184 2017-06-08] (juvlarN) HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-09-08] ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks) Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CAM.lnk [2017-10-03] ShortcutTarget: CAM.lnk -> C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe () Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE AORUS GRAPHICS ENGINE.lnk [2017-09-08] ShortcutTarget: GIGABYTE AORUS GRAPHICS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\autorun.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166 Tcpip\..\Interfaces\{c1579510-25d2-4d07-9375-1951d7a37481}: [DhcpNameServer] 192.168.2.1 142.166.166.166 Internet Explorer: ================== BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2017-09-09] (Oracle Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2017-09-09] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.144.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll [2017-09-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> D:\Java\bin\plugin2\npjp2.dll [2017-09-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default [2017-12-25] CHR Extension: (Slides) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08] CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08] CHR Extension: (Sheets) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08] CHR Extension: (AdBlock) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08] CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08] CHR Extension: (Chrome Media Router) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) "DrToolKrl" => service could not be unlocked. <==== ATTENTION R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-14] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation) R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32464 2017-08-10] (Corsair Components, Inc.) R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-11-05] (EasyAntiCheat Ltd) S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] () U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed] S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2406576 2017-03-29] (Intel Corporation) R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2010848 2016-11-17] (Rivet Networks) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) [File not signed] R2 MSIREGISTER_MR; D:\MSIRegister\MSIRegisterService.exe [132048 2016-10-07] (Micro-Star INT'L CO., LTD.) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-11-14] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation) R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] () R2 TunnelBearMaintenance; D:\tunnelbear\TunnelBear.Maintenance.exe [37248 2017-09-06] () S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] () R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-10] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-10] (Microsoft Corporation) S2 dVyuxKTDYi1p Updater; C:\Program Files (x86)\dVyuxKTDYi1p Updater\dVyuxKTDYi1p Updater.exe [X] S2 SwfkeW1apKPM Updater; C:\Program Files (x86)\SwfkeW1apKPM Updater\SwfkeW1apKPM Updater.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-12-25] (CPUID) R5 DrToolKrl; C:\Windows\System32\Drivers\DrToolKrl.sys [62064 2017-12-20] () [File not signed] S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-03-29] (Intel Corporation) R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.) R1 MpKsl3e42eeae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9C79173-B74C-40EB-8E52-9FFB4FDC62C0}\MpKsl3e42eeae.sys [58120 2017-12-21] (Microsoft Corporation) R1 MpKslf5855aff; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6747C549-714B-4959-AEBB-9D7CEC029FF6}\MpKslf5855aff.sys [58120 2017-12-25] (Microsoft Corporation) S3 NTIOLib_1_0_C; D:\MSI MOBO\NTIOLib_X64.sys [11888 2011-06-28] (MSI) [File not signed] R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation) R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [89440 2016-11-17] (Rivet Networks, LLC.) S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] () R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project) S1 thwseyva; C:\WINDOWS\system32\drivers\thwseyva.sys [72816 2017-12-25] (Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-10] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-10] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-10] (Microsoft Corporation) R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\CAM_V3.sys [14544 2017-12-22] (OpenLibSys.org) R5 DrToolKrl; <==== ATTENTION: Locked Service ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-25 17:47 - 2017-12-25 17:47 - 000024484 _____ C:\Users\Jared\Desktop\FRST.txt 2017-12-25 17:46 - 2017-12-25 17:47 - 000000000 ____D C:\FRST 2017-12-25 17:46 - 2017-12-25 17:46 - 002392064 _____ (Farbar) C:\Users\Jared\Desktop\FRST64.exe 2017-12-25 17:45 - 2017-12-25 17:46 - 002392064 _____ (Farbar) C:\Users\Jared\Downloads\FRST64.exe 2017-12-25 17:32 - 2017-12-25 17:32 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\thwseyva.sys 2017-12-22 11:19 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2017-12-22 11:19 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2017-12-22 11:18 - 2017-12-22 11:18 - 032227328 _____ C:\Users\Jared\Downloads\EpicInstaller-7.0.0.msi 2017-12-22 10:11 - 2017-12-22 10:12 - 000003586 _____ C:\Users\Jared\Desktop\Rkill.txt 2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill (1).exe 2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Desktop\rkill (1).exe 2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Downloads\ESETPoweliksCleaner.exe 2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe 2017-12-22 10:11 - 2017-12-22 10:11 - 000000022 _____ C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe_20171222.101115.10272.zip 2017-12-22 10:06 - 2017-12-22 10:06 - 000982292 _____ C:\WINDOWS\Minidump\122217-6625-01.dmp 2017-12-22 10:06 - 2017-12-22 10:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2017-12-22 10:04 - 2017-12-22 10:06 - 1090003738 _____ C:\WINDOWS\MEMORY.DMP 2017-12-21 21:46 - 2017-12-21 21:46 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0 (1).zip 2017-12-21 21:45 - 2017-12-21 21:45 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-12-21 21:45 - 2017-12-21 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-12-21 21:45 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-12-21 21:44 - 2017-12-21 21:44 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (2).exe 2017-12-21 20:30 - 2017-12-21 20:30 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0 (1).exe 2017-12-21 20:29 - 2017-12-21 20:29 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0.exe 2017-12-21 19:05 - 2017-12-21 22:13 - 000000000 ____D C:\ProgramData\RogueKiller 2017-12-21 19:05 - 2017-12-21 21:28 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2017-12-21 19:05 - 2017-12-21 19:05 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-12-21 19:05 - 2017-12-21 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-12-21 19:04 - 2017-12-21 19:05 - 000000000 ____D C:\Program Files\RogueKiller 2017-12-21 19:04 - 2017-12-21 19:04 - 036251728 _____ (Adlice Software ) C:\Users\Jared\Downloads\setup.exe 2017-12-21 18:47 - 2017-12-11 11:14 - 000000000 ____D C:\Users\Jared\Downloads\integrity_verification 2017-12-21 18:47 - 2017-12-11 11:06 - 000000000 ____D C:\Users\Jared\Downloads\tron 2017-12-21 18:46 - 2017-12-21 18:47 - 603933879 _____ (Igor Pavlov) C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).exe 2017-12-21 18:46 - 2017-12-21 18:46 - 000185196 _____ C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).torrent 2017-12-21 18:40 - 2017-12-21 20:32 - 000000000 ____D C:\AdwCleaner 2017-12-21 18:40 - 2017-12-21 18:40 - 008172032 _____ (Malwarebytes) C:\Users\Jared\Downloads\AdwCleaner.exe 2017-12-21 18:39 - 2017-12-21 18:39 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill.exe 2017-12-21 18:35 - 2017-12-21 18:35 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0.zip 2017-12-21 18:33 - 2017-12-21 18:33 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe 2017-12-21 18:33 - 2017-12-21 18:33 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2017-12-21 18:22 - 2017-12-21 21:45 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-12-21 18:22 - 2017-12-21 21:45 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-21 18:21 - 2017-12-21 18:22 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe 2017-12-21 07:08 - 2017-12-21 07:08 - 000016778 _____ C:\WINDOWS\System32\Tasks\iPubster 2017-12-20 21:08 - 2017-12-20 21:08 - 000016872 _____ C:\WINDOWS\System32\Tasks\EPSON Stylus CX5000 XE 2017-12-20 20:53 - 2017-12-20 20:53 - 000016876 _____ C:\WINDOWS\System32\Tasks\Jack Game Contacts Lease 2017-12-20 20:24 - 2017-12-20 20:24 - 000000000 _____ C:\autoexec.bat 2017-12-20 20:14 - 2017-12-20 20:14 - 000000000 ___HD C:\Users\Jared\MicrosoftEdgeBackups 2017-12-20 20:11 - 2017-12-22 10:06 - 000000000 ____D C:\WINDOWS\Minidump 2017-12-20 19:45 - 2017-12-20 19:45 - 001129816 _____ (Google Inc.) C:\Users\Jared\Downloads\ChromeSetup (1).exe 2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ C:\ProgramData\TeamVieverService.dll 2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ C:\ProgramData\lock.dat 2017-12-20 19:41 - 2017-12-21 18:44 - 000000024 _____ C:\ProgramData\rwi.chad 2017-12-20 19:40 - 2017-12-22 10:06 - 007419393 _____ C:\WINDOWS\nvdia.exe 2017-12-20 19:40 - 2017-12-21 19:31 - 000000000 ____D C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050 2017-12-20 19:40 - 2017-12-21 07:10 - 000000000 ____D C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea 2017-12-20 19:40 - 2017-12-20 20:45 - 000000000 ____D C:\Users\Jared\AppData\Roaming\cc7c59c5aa2a4253a93829072f71de90 2017-12-20 19:40 - 2017-12-20 20:45 - 000000000 ____D C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636 2017-12-20 19:40 - 2017-12-20 20:03 - 000000000 ____D C:\Program Files (x86)\foldershare 2017-12-20 19:40 - 2017-12-20 19:46 - 000000000 ____D C:\ProgramData\6a5eb53d821247cc87df067b567c15d3 2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\Users\Jared\AppData\Local\f60daabad01942e0afb138f0b7cc7650 2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\ProgramData\de5f5c4699ea479f85bf44bc7cde3c3a 2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ C:\Users\Jared\AppData\Local\installer.dat 2017-12-20 19:40 - 2017-12-20 19:40 - 000062064 _____ C:\WINDOWS\system32\Drivers\DrToolKrl.sys 2017-12-20 19:40 - 2017-12-20 19:40 - 000016884 _____ C:\WINDOWS\System32\Tasks\Chronix MP3G-CE Extractor 2017-12-20 19:40 - 2017-12-20 19:40 - 000000000 ____D C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62 2017-12-20 17:58 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Jared\dawntained 2017-12-20 17:58 - 2017-12-20 17:58 - 000095290 _____ C:\Users\Jared\Downloads\dawntained.jar 2017-12-20 16:38 - 2017-12-21 18:46 - 000000000 ____D C:\Users\Jared\AppData\LocalLow\uTorrent 2017-12-18 21:29 - 2017-12-18 21:29 - 058982477 _____ C:\Users\Jared\Downloads\Days_Before_Rodeo-(DatPiff.com).zip 2017-12-17 21:57 - 2017-12-17 21:57 - 000000000 ____D C:\.zonica_cache_32 2017-12-17 21:56 - 2017-12-17 21:57 - 000000000 ____D C:\Users\Jared\.zonica_32 2017-12-17 21:56 - 2017-12-17 21:56 - 000195413 _____ C:\Users\Jared\Downloads\Zonica.jar 2017-12-17 21:36 - 2017-12-20 19:42 - 000000000 ____D C:\Users\Jared\AppData\Roaming\TS3Client 2017-12-17 21:35 - 2017-12-17 21:35 - 000000680 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2017-12-17 21:35 - 2017-12-17 21:35 - 000000630 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2017-12-17 21:34 - 2017-12-17 21:34 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\Jared\Downloads\TeamSpeak3-Client-win64-3.1.7.exe 2017-12-13 20:01 - 2017-12-03 17:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-12-13 20:01 - 2017-12-03 17:38 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-12-13 19:20 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll 2017-12-13 19:20 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2017-12-13 19:20 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-12-13 19:20 - 2017-12-07 18:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys 2017-12-13 19:20 - 2017-12-07 18:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-12-13 19:20 - 2017-12-07 18:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-12-13 19:20 - 2017-12-07 18:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2017-12-13 19:20 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2017-12-13 19:20 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll 2017-12-13 19:20 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2017-12-13 19:20 - 2017-12-07 18:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-12-13 19:20 - 2017-12-07 18:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-12-13 19:20 - 2017-12-07 18:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-12-13 19:20 - 2017-12-07 18:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-12-13 19:20 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2017-12-13 19:20 - 2017-12-07 18:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe 2017-12-13 19:20 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2017-12-13 19:20 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2017-12-13 19:20 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-12-13 19:20 - 2017-12-07 18:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-12-13 19:20 - 2017-12-07 18:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-12-13 19:20 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-12-13 19:20 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2017-12-13 19:20 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2017-12-13 19:20 - 2017-12-07 18:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys 2017-12-13 19:20 - 2017-12-07 18:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-12-13 19:20 - 2017-12-07 18:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2017-12-13 19:20 - 2017-12-07 18:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-12-13 19:20 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2017-12-13 19:20 - 2017-12-07 18:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2017-12-13 19:20 - 2017-12-07 18:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-12-13 19:20 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2017-12-13 19:20 - 2017-12-07 18:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-12-13 19:20 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2017-12-13 19:20 - 2017-12-07 18:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2017-12-13 19:20 - 2017-12-07 17:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-12-13 19:20 - 2017-12-07 17:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-12-13 19:20 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-12-13 19:20 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2017-12-13 19:20 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2017-12-13 19:20 - 2017-12-07 17:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-12-13 19:20 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-12-13 19:20 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll 2017-12-13 19:20 - 2017-12-07 17:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-12-13 19:20 - 2017-12-07 17:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-12-13 19:20 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2017-12-13 19:20 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2017-12-13 19:20 - 2017-12-07 17:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-12-13 19:20 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2017-12-13 19:20 - 2017-12-07 17:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2017-12-13 19:20 - 2017-12-07 17:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-12-13 19:20 - 2017-12-07 17:29 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KeyboardFilterShim.dll 2017-12-13 19:20 - 2017-12-07 17:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-12-13 19:20 - 2017-12-07 17:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-12-13 19:20 - 2017-12-07 17:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-12-13 19:20 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2017-12-13 19:20 - 2017-12-07 17:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2017-12-13 19:20 - 2017-12-07 17:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-12-13 19:20 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx 2017-12-13 19:20 - 2017-12-07 17:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-12-13 19:20 - 2017-12-07 17:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-12-13 19:20 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll 2017-12-13 19:20 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2017-12-13 19:20 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe 2017-12-13 19:20 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe 2017-12-13 19:20 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys 2017-12-13 19:20 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2017-12-13 19:20 - 2017-12-07 17:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe 2017-12-13 19:20 - 2017-12-07 17:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe 2017-12-13 19:20 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2017-12-13 19:20 - 2017-12-07 17:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-12-13 19:20 - 2017-12-07 17:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2017-12-13 19:20 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-12-13 19:20 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-12-13 19:20 - 2017-12-07 16:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-12-13 19:20 - 2017-12-07 16:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-12-13 19:20 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2017-12-13 19:20 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2017-12-13 19:20 - 2017-12-07 16:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-12-13 19:20 - 2017-12-07 16:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-12-13 19:20 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-12-13 19:20 - 2017-12-07 16:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-12-13 19:20 - 2017-11-26 15:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2017-12-13 19:20 - 2017-11-26 15:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2017-12-13 19:20 - 2017-11-26 15:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll 2017-12-13 19:20 - 2017-11-26 11:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2017-12-13 19:20 - 2017-11-26 08:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-12-13 19:20 - 2017-11-26 08:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-12-13 19:20 - 2017-11-26 08:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2017-12-13 19:20 - 2017-11-26 08:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-12-13 19:20 - 2017-11-26 08:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-12-13 19:20 - 2017-11-26 08:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-12-13 19:20 - 2017-11-26 08:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-12-13 19:20 - 2017-11-26 08:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-12-13 19:20 - 2017-11-26 08:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-12-13 19:20 - 2017-11-26 08:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-12-13 19:20 - 2017-11-26 08:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-12-13 19:20 - 2017-11-26 08:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-12-13 19:20 - 2017-11-26 08:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-12-13 19:20 - 2017-11-26 08:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2017-12-13 19:20 - 2017-11-26 08:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2017-12-13 19:20 - 2017-11-26 08:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-12-13 19:20 - 2017-11-26 08:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2017-12-13 19:20 - 2017-11-26 08:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-12-13 19:20 - 2017-11-26 08:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-12-13 19:20 - 2017-11-26 08:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-12-13 19:20 - 2017-11-26 08:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-12-13 19:20 - 2017-11-26 08:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2017-12-13 19:20 - 2017-11-26 08:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2017-12-13 19:20 - 2017-11-26 08:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll 2017-12-13 19:20 - 2017-11-26 08:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2017-12-13 19:20 - 2017-11-26 08:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2017-12-13 19:20 - 2017-11-26 08:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys 2017-12-13 19:20 - 2017-11-26 08:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2017-12-13 19:20 - 2017-11-26 08:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2017-12-13 19:20 - 2017-11-26 08:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-12-13 19:20 - 2017-11-26 08:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2017-12-13 19:20 - 2017-11-26 08:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-12-13 19:20 - 2017-11-26 08:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2017-12-13 19:20 - 2017-11-26 08:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2017-12-13 19:20 - 2017-11-26 08:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-12-13 19:20 - 2017-11-26 08:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2017-12-13 19:20 - 2017-11-26 08:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2017-12-13 19:20 - 2017-11-26 08:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2017-12-13 19:20 - 2017-11-26 08:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2017-12-13 19:20 - 2017-11-26 08:21 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000669592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2017-12-13 19:20 - 2017-11-26 08:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2017-12-13 19:20 - 2017-11-26 08:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2017-12-13 19:20 - 2017-11-26 07:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-12-13 19:20 - 2017-11-26 07:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll 2017-12-13 19:20 - 2017-11-26 07:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-12-13 19:20 - 2017-11-26 07:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-12-13 19:20 - 2017-11-26 07:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-12-13 19:20 - 2017-11-26 07:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-12-13 19:20 - 2017-11-26 07:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2017-12-13 19:20 - 2017-11-26 07:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll 2017-12-13 19:20 - 2017-11-26 07:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2017-12-13 19:20 - 2017-11-26 07:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2017-12-13 19:20 - 2017-11-26 07:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll 2017-12-13 19:20 - 2017-11-26 07:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-12-13 19:20 - 2017-11-26 07:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-12-13 19:20 - 2017-11-26 07:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-12-13 19:20 - 2017-11-26 07:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2017-12-13 19:20 - 2017-11-26 07:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll 2017-12-13 19:20 - 2017-11-26 07:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2017-12-13 19:20 - 2017-11-26 07:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2017-12-13 19:20 - 2017-11-26 07:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll 2017-12-13 19:20 - 2017-11-26 07:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2017-12-13 19:20 - 2017-11-26 07:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll 2017-12-13 19:20 - 2017-11-26 07:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2017-12-13 19:20 - 2017-11-26 07:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-12-13 19:20 - 2017-11-26 07:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2017-12-13 19:20 - 2017-11-26 07:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-12-13 19:20 - 2017-11-26 07:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2017-12-13 19:20 - 2017-11-26 07:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2017-12-13 19:20 - 2017-11-26 07:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll 2017-12-13 19:20 - 2017-11-26 07:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-12-13 19:20 - 2017-11-26 07:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-12-13 19:20 - 2017-11-26 07:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2017-12-13 19:20 - 2017-11-26 07:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-12-13 19:20 - 2017-11-26 07:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-12-13 19:20 - 2017-11-26 07:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-12-13 19:20 - 2017-11-26 07:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-12-13 19:20 - 2017-11-26 07:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-12-13 19:20 - 2017-11-26 07:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2017-12-13 19:20 - 2017-11-26 07:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-12-13 19:20 - 2017-11-26 07:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-12-13 19:20 - 2017-11-26 07:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-12-13 19:20 - 2017-11-26 07:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-12-13 19:20 - 2017-11-26 07:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2017-12-13 19:20 - 2017-11-26 06:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2017-12-13 19:20 - 2017-11-26 06:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-12-13 19:20 - 2017-11-26 06:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-12-13 19:20 - 2017-11-26 06:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-12-13 19:20 - 2017-11-26 06:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll 2017-12-13 19:20 - 2017-11-26 06:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll 2017-12-13 19:20 - 2017-11-26 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll 2017-12-13 19:20 - 2017-11-26 06:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2017-12-13 19:20 - 2017-11-26 06:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-12-13 19:20 - 2017-11-26 06:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-12-13 19:20 - 2017-11-26 06:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2017-12-13 19:20 - 2017-11-26 06:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2017-12-13 19:20 - 2017-11-26 06:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2017-12-13 19:20 - 2017-11-26 05:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-12-13 19:20 - 2017-11-26 05:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2017-12-13 19:20 - 2017-11-26 05:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2017-12-13 19:20 - 2017-11-26 05:57 - 001490840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-12-13 19:20 - 2017-11-26 05:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2017-12-13 19:20 - 2017-11-26 05:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-12-13 19:20 - 2017-11-26 05:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2017-12-13 19:20 - 2017-11-26 05:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll 2017-12-13 19:20 - 2017-11-26 05:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll 2017-12-13 19:20 - 2017-11-26 05:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-12-13 19:20 - 2017-11-26 05:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2017-12-13 19:20 - 2017-11-26 05:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2017-12-13 19:20 - 2017-11-26 05:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2017-12-13 19:20 - 2017-11-26 05:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2017-12-13 19:20 - 2017-11-26 05:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-12-13 19:20 - 2017-11-26 05:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-12-13 19:20 - 2017-11-26 05:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2017-12-13 19:20 - 2017-11-26 05:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll 2017-12-13 19:20 - 2017-11-26 05:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll 2017-12-13 19:20 - 2017-11-19 02:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll 2017-12-13 19:20 - 2017-11-18 21:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll 2017-12-11 17:03 - 2017-12-11 17:04 - 000000000 ____D C:\Users\Jared\Desktop\CSGO 2017-12-11 17:03 - 2017-12-11 17:03 - 000000000 ____D C:\Users\Jared\Desktop\Witcher Mods 2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll 2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll 2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll 2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll 2017-12-02 18:45 - 2017-12-02 18:45 - 000000000 ____D C:\Program Files (x86)\Razer ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-25 17:42 - 2017-09-08 19:55 - 000000000 ____D C:\Users\Jared\AppData\Local\CrashDumps 2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps 2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-25 17:32 - 2017-11-24 20:40 - 000003492 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics 2017-12-25 17:32 - 2017-11-07 21:06 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DA44643-B285-4279-864B-5A82909EE1D9} 2017-12-25 17:32 - 2017-11-07 21:06 - 000003330 _____ C:\WINDOWS\System32\Tasks\CAM 2017-12-25 17:32 - 2017-09-11 11:42 - 000000000 ____D C:\ProgramData\NVIDIA 2017-12-25 17:30 - 2017-09-10 15:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility 2017-12-25 17:29 - 2017-09-08 21:03 - 000000000 ____D C:\ProgramData\LogiShrd 2017-12-25 17:29 - 2017-09-08 20:15 - 000000000 ____D C:\Program Files (x86)\Steam 2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk 2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk 2017-12-22 10:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2017-12-22 10:10 - 2017-11-07 21:12 - 001445180 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-12-22 10:06 - 2017-11-07 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-12-22 10:06 - 2017-11-07 21:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-12-22 10:06 - 2017-11-05 15:11 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-12-22 10:06 - 2017-09-08 20:09 - 000026192 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys 2017-12-22 10:04 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared 2017-12-22 09:29 - 2017-09-10 16:22 - 000007597 _____ C:\Users\Jared\AppData\Local\resmon.resmoncfg 2017-12-21 22:14 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2017-12-21 21:29 - 2017-10-28 10:44 - 000000000 ____D C:\Users\Jared\Downloads\ASSASSINS CREED ORIGINS-FULL UNLOCKED RePack 2017-12-21 21:27 - 2017-09-08 21:14 - 000000000 ____D C:\ProgramData\CLink4 2017-12-21 19:31 - 2017-10-07 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear 2017-12-21 19:31 - 2017-09-16 21:34 - 000000000 ____D C:\Users\Jared\AppData\Roaming\uTorrent 2017-12-21 19:31 - 2017-09-09 22:24 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape 2017-12-21 19:22 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-12-20 21:15 - 2017-09-08 20:19 - 000002340 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-12-20 20:12 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF 2017-12-20 19:45 - 2017-11-07 21:06 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-12-20 19:45 - 2017-11-07 21:06 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-12-20 19:40 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Portable Devices 2017-12-20 16:38 - 2017-11-24 20:40 - 000000000 ___RD C:\Users\Jared\iCloudDrive 2017-12-19 08:17 - 2017-09-08 19:38 - 000000000 ____D C:\Users\Jared\AppData\Local\NVIDIA 2017-12-17 20:06 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-12-15 20:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache 2017-12-14 19:16 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-14 19:16 - 2017-09-21 12:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-12-13 20:01 - 2017-11-07 21:08 - 000000000 ___RD C:\Users\Jared\3D Objects 2017-12-13 20:01 - 2017-08-30 20:14 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-12-13 20:00 - 2017-11-07 21:02 - 000398592 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-12-13 20:00 - 2017-09-29 09:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs 2017-12-13 20:00 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism 2017-12-13 19:22 - 2017-09-09 13:22 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-12-13 19:21 - 2017-10-10 19:12 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-12-13 19:21 - 2017-09-09 13:22 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-12-13 19:20 - 2017-09-29 08:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-12-13 19:20 - 2017-09-29 08:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-12-13 19:20 - 2017-09-29 08:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-12-13 19:20 - 2017-09-29 08:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-12-13 17:35 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared\AppData\Local\Packages 2017-12-12 07:32 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\discord 2017-12-11 23:37 - 2017-11-17 18:52 - 000002229 _____ C:\Users\Jared\Desktop\Discord.lnk 2017-12-11 23:37 - 2017-11-17 18:52 - 000000000 ____D C:\Users\Jared\AppData\Local\Discord 2017-12-11 23:37 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2017-12-10 20:24 - 2017-10-26 15:32 - 000000000 ____D C:\Program Files\Epic Games 2017-12-08 20:03 - 2017-09-30 12:55 - 000000000 ____D C:\Users\Jared\AppData\Local\UnrealEngine 2017-12-08 17:37 - 2017-11-07 21:06 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3664622787-202345870-56879904-1001 2017-12-08 17:37 - 2017-08-30 20:16 - 000002359 _____ C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-12-08 17:37 - 2017-08-30 20:16 - 000000000 ___RD C:\Users\Jared\OneDrive 2017-12-04 15:20 - 2017-09-08 22:32 - 000000000 ____D C:\Users\Jared\Documents\The Witcher 3 2017-11-26 00:05 - 2017-11-05 14:58 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam ==================== Files in the root of some directories ======= 2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ () C:\ProgramData\lock.dat 2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ () C:\ProgramData\TeamVieverService.dll 2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ () C:\Users\Jared\AppData\Local\installer.dat 2017-09-10 16:22 - 2017-12-22 09:29 - 000007597 _____ () C:\Users\Jared\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== 2017-12-20 19:40 - 2017-12-20 19:40 - 000920448 _____ () C:\Users\Jared\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe 2017-12-20 19:39 - 2017-12-20 19:39 - 000024612 _____ (Valssaamontie 53) C:\Users\Jared\AppData\Local\Temp\capi.exe 2017-12-20 19:39 - 2017-12-20 19:39 - 000016384 _____ (noOrg) C:\Users\Jared\AppData\Local\Temp\cubesta.exe 2017-12-21 19:05 - 2017-10-24 23:37 - 001954048 _____ (Microsoft Corporation) C:\Users\Jared\AppData\Local\Temp\dllnt_dump.dll 2017-12-20 19:39 - 2017-12-20 19:39 - 003179374 _____ () C:\Users\Jared\AppData\Local\Temp\golm.exe 2017-12-20 19:39 - 2017-12-20 19:39 - 001792069 _____ () C:\Users\Jared\AppData\Local\Temp\pi.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed C:\WINDOWS\system32\drivers\DrToolKrl.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION LastRegBack: 2017-12-20 20:50 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01 Ran by Jared (25-12-2017 17:47:28) Running from C:\Users\Jared\Desktop Windows 10 Pro Version 1709 16299.125 (X64) (2017-11-08 02:08:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3664622787-202345870-56879904-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3664622787-202345870-56879904-503 - Limited - Disabled) Guest (S-1-5-21-3664622787-202345870-56879904-501 - Limited - Disabled) Jared (S-1-5-21-3664622787-202345870-56879904-1001 - Administrator - Enabled) => C:\Users\Jared WDAGUtilityAccount (S-1-5-21-3664622787-202345870-56879904-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden . . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden µTorrent (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.) 7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov) AORUS GRAPHICS ENGINE (HKLM-x32\...\AORUS GRAPHICS ENGINE_is1) (Version: 1.1.6 - GIGABYTE Technology Co.,Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CAM (HKLM-x32\...\{021EB16F-B5EF-464E-A26C-814C01D82EEA}) (Version: 3.5.00 - NZXT) Corsair LINK 4 (HKLM-x32\...\{6607b5db-38d5-4ba1-a511-ac95594634d8}) (Version: 4.8.2.1 - Corsair Components, Inc.) Corsair LINK 4 (HKLM-x32\...\{857D412A-46B9-4666-B1EF-5EDDEB607840}) (Version: 4.8.2.1 - Corsair Components, Inc.) Hidden CPUID CPU-Z 1.80.2 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.2 - ) Discord (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Discord) (Version: 0.0.299 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden ESEA Client (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC) Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Optane(TM) Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.5.0.1051 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel) iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.) Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation) Killer Performance Suite (HKLM\...\{2DD0A568-6091-4C7E-80AA-99F16109B369}) (Version: 1.0.864 - Rivet Networks) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version: - ) MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation) NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation) NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.) RogueKiller version 12.11.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.29.0 - Adlice Software) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH) TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear) TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (07/14/2010 3.3) (HKLM\...\480519419545219A13536B66D4C46317E0882315) (Version: 07/14/2010 3.3 - Corsair Components, Inc.) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00022913-FF6F-4B0E-BDFE-EAFA35676A82} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate] Task: {1B873611-2C5E-4EDC-BE4C-1FD36CBCE6D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {23B58AFA-F1A3-4ADD-BDA5-D61F8E195750} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-08-10] (Corsair Components, Inc.) Task: {3368FE03-30DD-444B-A0F4-6E0C62015E77} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation) Task: {34FAA935-9B44-43FE-9A57-BC8A112070BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation) Task: {404A1C2C-0E8F-4077-A1EA-F677937471EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {41D599CF-EF10-4EA6-B4D1-37C3ED37D4B3} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-10-03] () Task: {4694BD7A-C365-4AC7-97E9-1BB27B2A3C3A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation) Task: {5A6CBEFC-76D8-467D-A095-E322FA57F8A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation) Task: {5C06278B-4A38-401B-B305-8393FA5D3B48} - System32\Tasks\Jack Game Contacts Lease => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll",UjObmie <==== ATTENTION Task: {67166B03-5958-44BD-98A2-FA9095C916D5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation) Task: {6A6562E2-6DFE-49A7-BA46-5E119B49F6D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) Task: {769DE119-293F-48CB-813B-96BCBBCFE98F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation) Task: {7A3A1427-E928-4491-958A-E3B6E5D16799} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation) Task: {8469B714-1441-412F-9F6F-7040D44AE979} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe [2017-08-18] (GIGABYTE Technology Co.,Ltd.) Task: {937132EF-93A6-4E52-BDC9-7FC4F0D13F33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.) Task: {94D8230E-4FD2-4F52-B887-2CD2331A59D3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {98202221-583C-4EC2-8687-384A73502623} - System32\Tasks\iPubster => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\iPubster\iPubster.dll",OyULwQ <==== ATTENTION Task: {9B5509B3-509C-448B-B698-DDF29485FC5A} - System32\Tasks\EPSON Stylus CX5000 XE => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll",GJxHRMHgPgp <==== ATTENTION Task: {A86B4BFE-F018-4801-B008-1DDDC4A93A01} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-14] (Microsoft Corporation) Task: {AB741E45-3B4F-411C-965A-C6ECAD8AE4DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {AE637923-2CF6-4939-88ED-D312E507AF8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.) Task: {AEF2B5E0-705B-44F0-A9E6-96FC24CF97F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation) Task: {B53677B8-DBC7-4C52-8E51-89D0BEFA52E3} - System32\Tasks\Chronix MP3G-CE Extractor => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Chronix MP3G.CE Extractor\Chronix MP3G.CE Extractor.dll",rQHOFWty Task: {C0C16D6E-BE23-499B-9EBD-8F358ADCF69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation) Task: {C19278E4-A985-488B-AC3A-B875260F1DCF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs" Task: {C5481BBF-7BB5-49EF-B666-E66655094827} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {C8131C4B-FF95-4157-85CB-698E55EC9D13} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation) Task: {D27ECD25-D8C9-44C4-A5DC-7D050218A36A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation) Task: {D8C5B29D-772E-48C8-AC3B-81691E67B9FE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.) Task: {DE8726EC-B6A9-432F-9669-18C0F37FB80E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {DF117107-8070-4AD5-B272-793D222E4F27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation) Task: {EB3E9151-3E80-40AB-867F-75CBF8A1290E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {EF1728F6-0626-4A5F-AEE4-1A5DEE4FFDA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-12-20 20:53 - 2015-06-01 07:05 - 002464256 _____ () C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll 2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe 2017-09-08 19:38 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () D:\tunnelbear\TunnelBear.Maintenance.exe 2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-09-11 11:42 - 2017-11-14 14:56 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-09-21 12:31 - 2017-12-14 19:15 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-12-13 19:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-13 19:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2017-08-18 04:01 - 2017-08-18 04:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2017-08-18 04:01 - 2017-08-18 04:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2017-08-18 03:41 - 2017-08-18 03:41 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll 2017-08-18 03:41 - 2017-08-18 03:41 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () D:\zlib1.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () D:\libxml2.dll 2017-12-20 19:46 - 2017-12-13 21:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll 2017-12-20 19:46 - 2017-12-13 21:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll 2017-09-08 20:09 - 2017-01-14 20:10 - 000218032 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe 2017-10-03 21:51 - 2017-10-03 21:51 - 007864432 _____ () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe 2017-09-12 12:09 - 2017-09-12 12:09 - 000188016 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe 2017-12-05 18:59 - 2017-12-05 18:59 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-09-08 19:38 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-09-08 19:38 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-12-08 17:37 - 2017-12-08 17:37 - 000102088 _____ () C:\Users\Jared\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll 2017-09-08 20:15 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2017-09-08 20:15 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll 2017-09-08 20:15 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2017-10-19 14:58 - 2017-12-25 17:29 - 000163840 _____ () C:\Users\Jared\AppData\Roaming\vibranceGUI\vibranceDLL.dll 2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-07-13 19:51 - 2017-07-13 19:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-08 20:09 - 2017-01-12 17:15 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\ycc.DLL 2017-09-08 20:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll 2017-09-08 20:16 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2017-09-08 20:15 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2017-08-31 13:48 - 2017-08-31 13:48 - 000282112 _____ () C:\Program Files (x86)\NZXT\CAM\GSyncLib.dll 2017-09-08 21:30 - 2017-12-25 17:32 - 000308736 _____ () C:\Program Files (x86)\NZXT\CAM\NVAPIHelper.dll 2017-09-06 14:05 - 2017-09-06 14:05 - 000070656 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\KeyHookDLL_x86.dll 2017-12-11 23:37 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\ffmpeg.dll 2017-12-12 07:32 - 2017-12-12 07:32 - 001886712 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node 2017-12-12 07:32 - 2017-12-12 07:32 - 001773560 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node 2017-12-11 23:37 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libglesv2.dll 2017-12-11 23:37 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libegl.dll 2017-12-12 07:32 - 2017-12-12 07:32 - 009802232 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node 2017-12-12 07:32 - 2017-12-12 07:32 - 001505784 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node 2017-12-12 07:32 - 2017-12-12 07:32 - 000513016 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node 2017-12-12 07:32 - 2017-12-12 07:32 - 002662904 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node 2017-12-12 07:32 - 2017-12-12 07:32 - 001517048 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node 2017-12-12 07:32 - 2017-12-12 07:32 - 002749944 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\system32\Drivers\thwseyva.sys:changelist [918] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2017-12-20 21:11 - 000013622 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 wemsofts.com 127.0.0.1 bongadoom.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 internalcampaigntargets.com 127.0.0.1 bongadoom.com 127.0.0.1 getthefilenow.com 127.0.0.1 bigpicturepop.com 127.0.0.1 wizzcaster.com 127.0.0.1 bestoffersfortoday.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 agent.wizztrakys.com 127.0.0.1 csdimonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 titiaredh.com 127.0.0.1 wepcdisplaysystem.com 127.0.0.1 wepcanalyticsystem.com 127.0.0.1 healthydownload.com 127.0.0.1 leading2download.com 127.0.0.1 dwl0.wizzlabs.com 127.0.0.1 dwl1.wizzlabs.com 127.0.0.1 mess1.wizzmonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 dl.smashdl.com 127.0.0.1 downloadmyhost.com 127.0.0.1 lapapahoster.com 127.0.0.1 asedownloadgate.com 127.0.0.1 agent.wizztrakys.com 127.0.0.1 ladomainadeserver.com 127.0.0.1 www.wizzmonetize.com 127.0.0.1 gf.tools.avast.com There are 361 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3664622787-202345870-56879904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\w7ufw5eb3cuz.jpg DNS Servers: 192.168.2.1 - 142.166.166.166 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{6AD8A6B6-42B6-4CDB-98C4-A0860813C92F}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [TCP Query User{16603D24-4FFC-435D-BE8F-0CF59DCB3810}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{2E988399-13EA-4B26-AA40-369D2E67FAD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [UDP Query User{1F9C09DC-DC78-42E8-BB8A-B0B88C305679}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [TCP Query User{15722B42-B690-46BA-8276-C7F7988A0D2F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [UDP Query User{3F75556A-628B-4E80-A56B-0F94AD29A3AA}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{CC714624-5093-4AA1-94C7-F80CB680CFF0}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{79B3413C-01A2-40DA-857C-3B57F87AEA70}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{BE8CAF66-CAF5-4014-9B98-E15BB25EDB79}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{6AAF6D99-D01C-4925-8EC6-5A1ED9F40887}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{0ECA6D84-E3AA-494A-9711-EC49195E0AF6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{98BBB5DE-AE16-4EF1-BFDA-D0623BF1543A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{9DC70EB6-DC6F-480D-BEB9-E8C4FECEFF36}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{4A104148-BAEB-4B86-8307-3ECC11D15CEE}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [TCP Query User{08C61A05-0241-4CB0-B35B-6C834CD8DB03}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{97447B31-69F7-4681-87FE-C81B9D162A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe FirewallRules: [{C3056B4A-02A5-45FB-BDA4-37B286ECAEB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe FirewallRules: [{32207B8D-E4CE-4110-AD03-DB6EF7AFC725}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe FirewallRules: [{F78EAF6F-C672-4E3E-980F-486D94C3743F}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe FirewallRules: [{B3255CE9-A583-4502-B8A3-A33F100B0EA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EB403D97-2D30-4B92-ACB1-CCF64B1FA8F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2333B732-163C-419E-B859-EDFC0856DA24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{A7356D4A-462E-4785-A587-603095855201}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{AFD26F73-F1A7-4A72-B3C6-15F106829C17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1364CAEA-CF6A-4960-A45A-702899980CE7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1D11E886-5067-4749-B451-BF9C7FA38ED2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{6CCC7268-8F8E-4BEB-9AA8-4449E01F6B65}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{1204D603-9107-48FC-B8A8-9DBCE56ACD1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{7CB9BE80-CBF4-440F-8E32-7602BE299D9E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{29F7EBB1-0EFB-45A0-995F-58319EA5980E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{233E32A2-6493-4A73-9EFA-A66B07413EE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F04A6C02-B3D8-4CD6-B6A0-D730C4E7E0E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5105E693-BC5A-4722-BCAF-9B91840E37F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0F42BE6D-06F8-4A98-B30E-CBE7DDA9CA16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8F316B13-0EE9-4515-8C8B-2BD036A2AC00}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{C6CB56EC-BDFC-43B3-92F8-6DC3BB59AD7A}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{DF9818AC-D700-4856-A460-556F1BE5E655}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{A62263AA-6977-4AB7-8B5B-4C4585667046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{2F3BAA9B-31C1-4701-837D-71663C4D859E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{2B26CE4B-BD88-43AE-8105-1776C8774408}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{D760608C-0D70-411E-A635-34BD2C1EA8E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{28A09357-86E1-4493-A723-691A33D6EC21}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe FirewallRules: [UDP Query User{E3D72C53-1F89-4FDA-8BA6-FBC429DBFD2B}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe FirewallRules: [{5587831F-79F3-43F8-B786-D90A9584B508}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{740AEE29-EE44-4E8B-8CEE-5B2A3AED6402}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{9540B722-83BE-4400-A188-99C070E966DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{BA8F7934-7661-4FAE-A5EF-980484159227}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{10DC75AE-5E37-4D56-930C-0E97E2FE9249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{EEEA6290-F22F-4604-82EF-478AC2B01B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{66182FDD-45E5-4C7C-B7E7-0A78754D6285}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{4312BE95-5C74-4F30-937C-5FE9EC084721}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{78D9C1C6-7436-417C-924A-2460CF6E471B}] => (Allow) LPort=9143 FirewallRules: [{7DDDA7E0-F00F-4E1D-9376-9C94A12C5EBB}] => (Allow) LPort=2333 FirewallRules: [{0F8BC471-74CF-4000-AC3C-A670033FBC21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{65649B17-3007-45EC-9908-CAF317E61840}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{46A68C26-80D5-4016-85F2-F729A199AC35}] => (Allow) D:\iTunes.exe FirewallRules: [{04683E3C-0EA3-4C85-80BA-F0A58A2FFEAA}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [TCP Query User{BD51FDF0-0390-4E68-BF27-4895AE956656}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{8D037296-80EC-4091-B130-3DE36B9F09F6}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{D3687704-2F1B-483A-9D8A-415DBA9B491A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{CA4B22A9-7278-4B8B-A7DA-724F6F31208B}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{B1F5F306-CECE-4DC0-BA27-971E3D5F03FF}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{B3D3C48C-A439-4BCF-8B7A-F287C3E42C9C}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{D7A82F5C-B8C4-4904-9828-55AA6D011144}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [TCP Query User{68E9FA2E-5FA8-46F2-A93D-D44BA91157E1}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe FirewallRules: [UDP Query User{A1AF2845-1969-496D-B63A-E9EEA9A944AF}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe ==================== Restore Points ========================= 22-12-2017 11:19:29 Installed DirectX ==================== Faulty Device Manager Devices ============= Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/25/2017 05:42:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42 Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00 Exception code: 0xc0000005 Fault offset: 0x001aa3b6 Faulting process id: 0x2230 Faulting application start time: 0x01d37dd1b24ce473 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: 14a2089c-4844-47a5-abf7-cfe1f3c40666 Faulting package full name: Faulting package-relative application ID: Error: (12/25/2017 05:32:17 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (12/25/2017 05:31:30 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (12/25/2017 05:30:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/25/2017 05:30:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/25/2017 05:30:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/25/2017 05:29:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (12/22/2017 10:12:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42 Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00 Exception code: 0xc0000005 Fault offset: 0x001aa3b6 Faulting process id: 0x6b4 Faulting application start time: 0x01d37b3741c215cc Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: 2e6bfd21-ed28-49ca-b381-2442bff4e2b4 Faulting package full name: Faulting package-relative application ID: Error: (12/22/2017 10:07:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/22/2017 10:07:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent System errors: ============= Error: (12/25/2017 05:29:47 PM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2017 11:21:19 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (12/22/2017 10:06:12 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2017 10:06:10 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8038e0896c1, 0xffffee81a11962d8, 0xffffee81a1195b20). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 75b86667-1d87-4485-8599-2c5c44589298. Error: (12/22/2017 10:06:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2017 10:06:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-12-25 17:44:29.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:44:29.321 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:44:27.351 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:44:27.350 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:33:06.720 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:33:06.719 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:32:50.079 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:32:50.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:32:40.149 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-25 17:32:40.149 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz Percentage of memory in use: 26% Total physical RAM: 16341.87 MB Available physical RAM: 11953.8 MB Total Virtual: 18773.87 MB Available Virtual: 13809.2 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:231.5 GB) (Free:30.43 GB) NTFS Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:726.13 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Aura Posted December 26, 2017 ID:1194548 Share Posted December 26, 2017 Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after. Link to post Share on other sites More sharing options...
JaredNolan Posted December 26, 2017 Author ID:1194611 Share Posted December 26, 2017 Malwarebytes Anti-Rootkit BETA 1.10.3.1001 www.malwarebytes.org Database version: main: v2017.12.26.03 rootkit: v2017.10.14.01 Windows 10 x64 NTFS Internet Explorer 11.125.16299.0 Jared :: JAREDS-PC [administrator] 12/26/17 11:07:53 AM mbar-log-2017-12-26 (11-07-53).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 214220 Time elapsed: 4 minute(s), 25 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 93 HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [76b5d658f4b6db5bf1d9812bdd24c13f] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5ecdfc32abff6dc944b64f61f60b36ca] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30fbfa34505a1224f32d3d701ae729d7] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ed3e4ae4acfef73fefa04f5f7988d42c] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [aa81240ac3e757dfb49bc0ee22dfe31d] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c368b27cb1f937ff15f4713ec63b08f8] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a883ad81723893a39c3919974db452ae] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4ddee24cc5e5cc6aa97a0ba5c53c52ae] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d655909ebeec4aecc4712b8128d91be5] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a68580aef1b9c96d0ab905a99a67d42c] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [49e28da1aa0072c4b397d0e0f110ac54] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1e0daa84abfff640b4a7cce435cc58a8] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [da5132fc6446c76fd4f5179518e9f40c] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7caf86a89b0f65d122ffc8e8c33ea957] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a982d7577139082e0389f2bd8a7703fd] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [52d9121cb4f655e191e41f8e0bf609f7] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [290283abebbf75c1ba330aa4837e6b95] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ec3faf7f74361e189f10cce3bf42f10f] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [75b6e04eeebc3afc077c0ca358a9629e] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [bf6c012ddcce90a61e700da1e51c0df3] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0a21b777139788ae4ee74e630ef3cc34] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4be0ce60466451e5fda70ba348b9748c] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4cdf34fa2387fc3a6a725f4f956ca858] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8d9e3af4eebc62d4308103adba472dd3] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a58616188b1fda5cdcaff1bf4ab79b65] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [44e79b9307a3f83e6be3f4ba7091c53b] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [57d47eb04a604aec7a34f7b8d22f1ee2] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9f8c46e85258ca6cb3854f60b64b39c7] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [04270925a208aa8c6957248c60a1d729] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [230853dbbcee989e0732119ed32e7a86] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2902d856fdad95a16117ae02c53c1be5] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8c9f78b606a4ea4c76d5e5ca2ad754ac] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2803ba7425852f07b7c2327e818040c0] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0427d35bb2f875c190445d534eb3fb05] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [89a2b777bceeb581f71d3f7206fb45bb] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [34f7a6884664f73f4c3ff2bd43be4cb4] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [200b0826901ad36300c6bff04fb2c937] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d556da54cfdbdf5724c390209170916f] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7dae6ac4604abe781d441d919e633cc4] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [49e231fdc1e9fe3875aa288640c104fc] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9e8d7fafaefc4bebc05e1398c73a5da3] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [121966c874367cba12acaffe778aac54] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8aa1e14d95150a2c21ce28871ae79070] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f03bca64d5d5be784bd7cce4ef1217e9] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3bf04ce2e4c6280e7937713e31d060a0] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1d0e1a1458522b0b5377416bd13016ea] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [46e5f13dc0ea270fa357288858a9af51] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2dfe3af4ecbeaf87eb35c7e68e73c739] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cf5c4fdf01a94fe7fe918529d62b1fe1] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2308cf5fa307e74fec638e20e51c6799] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [55d63bf32585c76f09004b6458a98878] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e4473fefb1f94de910c5d6dabc45e917] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e04b2806109ae056df440aa6867b6799] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c2693fef8a20072f5dd89814c63bdd23] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6bc0d856b7f3de58a221ac0251b03ac6] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f2399896d5d5092da7a3c8e85da4f709] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [32f91717238793a32d2e40706b96c040] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d15a6bc3b2f83105ab1ecae28180936d] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1a11d7575e4c072fd05110a025dc21df] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c06bdd51664478be7a12a40b9d64639d] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c06b5fcf7e2ca78f90e5525bef12f30d] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ce5d121cf6b455e15994515dfd04ae52] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ca61a589f8b2ac8a3f70a80709f88977] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30fbc569eebce35396ede5caf40d7e82] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7bb0a48a5c4e67cf99f5edc157aa39c7] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fb306ac45e4cf6401124ad0405fcbd43] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [be6d99957e2ccb6b792be8c6ac556799] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [66c588a6a00a8aac9f3decc232cf6b95] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [49e267c74d5da591b2ffbcf4ad54956b] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fd2ea48a65452f07800ba70907fa50b0] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ab806bc32d7df93d3915c1ed9d64ea16] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d754bd71e5c51b1bebc3c1eea35e07f9] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [82a97ab49a1087af5fd907a8c73a2dd3] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9596ba744e5cdb5b526e10a027da33cd] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ed3e88a64763dc5a4beea609ab5614ec] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [81aa88a6901ac3733f39e4cca35e5ba5] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a28969c509a10d297bd06748c0413ec2] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7fac40ee04a65fd7ea8fd4dcd42d10f0] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a28982ac83272511c70d7e3210f117e9] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [28039e908426f5416ca8baf7669b827e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0a211b13b2f81f17503ba00f857c58a8] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9299cf5fa20896a0c105b6f959a83ec2] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b378ca642d7dd16527c04b6504fde21e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c3689698f5b5bf772d34f4ba6f9251af] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [df4cce60a109191d57c8cfdf60a1e818] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f833fe303773e056948a901b06fb7e82] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [45e6bc72b9f184b2c9f5dad3e21f3ac6] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [929970be5b4ff145955a6748936ec040] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7bb062cc2e7cfb3bb969911fd52c6b95] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c665949a7634d660ad03baf5639ea35d] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DrToolKrl (Rootkit.WeaponX) -> Delete on reboot. [210acc62bbef4aecfaf1577d7091d927] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DVYUXKTDYI1P UPDATER (Adware.DNSUnlocker.Generic) -> Delete on reboot. [969559d512981f176dcfb0afaa56c53b] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SWFKEW1APKPM UPDATER (Adware.DNSUnlocker.Generic) -> Delete on reboot. [eb400c221298da5c7bc1332cc8389e62] Registry Values Detected: 2 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dVyuxKTDYi1p Updater|ImagePath (Adware.DNSUnlocker.Generic) -> Data: C:\Program Files (x86)\dVyuxKTDYi1p Updater\dVyuxKTDYi1p Updater.exe -> Delete on reboot. [969559d512981f176dcfb0afaa56c53b] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SwfkeW1apKPM Updater|ImagePath (Adware.DNSUnlocker.Generic) -> Data: C:\Program Files (x86)\SwfkeW1apKPM Updater\SwfkeW1apKPM Updater.exe -> Delete on reboot. [eb400c221298da5c7bc1332cc8389e62] Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 6 C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9] C:\ProgramData\6a5eb53d821247cc87df067b567c15d3 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080] C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5] C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a] C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818] C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7] Files Detected: 33 C:\WINDOWS\SYSTEM32\drivers\DrToolKrl.sys (Rootkit.WeaponX) -> Delete on reboot. [3608fce69e5e1edbcef60ab0effe2c92] C:\Program Files (x86)\foldershare\uninstaller.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [909bfd31e1c985b13f2289f5c041dd23] C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll (Trojan.Wdfload.TskLnk) -> Delete on reboot. [ce5d49e51d8d61d5d0c5496b06faa957] C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll (Trojan.Wdfload.TskLnk) -> Delete on reboot. [f536200ec4e6ca6cff962b89e71954ac] C:\Users\Jared\AppData\Local\Temp\CSMEE05.tmp (Adware.PremierOpinion) -> Delete on reboot. [280384aae3c746f05779387b817fd927] C:\Users\Jared\AppData\Local\Temp\iaqjthry.lql\data.exe (Adware.FastDataX) -> Delete on reboot. [45e640eea802d363b69ae21fdf24ed13] C:\Users\Jared\AppData\Local\Temp\buqs1b4y.hw2\setup.exe (Adware.DNSUnlocker.Generic) -> Delete on reboot. [8e9d0a247c2e6dc9c98df0ce3ec3ae52] C:\Users\Jared\AppData\Local\Temp\pwdim3z1.og3\setup.exe (Adware.DNSUnlocker.Generic) -> Delete on reboot. [56d5b7775f4b69cdc492ecd28879fb05] C:\Users\Jared\AppData\Local\Temp\5xeonz4k.h3s\data.exe (Adware.FastDataX) -> Delete on reboot. [f536fb33802a70c677d946bbfd06837d] C:\Users\Jared\AppData\Local\Temp\a2shzss5.v25\data.exe (Adware.FastDataX) -> Delete on reboot. [cd5e72bcb3f78fa7da7604fd32d1fd03] C:\Users\Jared\AppData\Local\Temp\jnswsmsi.jv0\data.exe (Adware.FastDataX) -> Delete on reboot. [69c26ac47535e35328287889b84b7987] C:\Users\Jared\AppData\Local\Temp\is-6PFHL.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [7cafd05ef7b3d26424ccd6e58977718f] C:\Users\Jared\AppData\Local\Temp\is-EE5FT.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [a18a7faf2c7e64d2e709308bb74922de] C:\Users\Jared\AppData\Local\Temp\is-HLVB6.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [082335f93179d165ee020dae07f96799] C:\Users\Jared\AppData\Local\Temp\is-NNCIU.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [fe2dd8566a40d264da169c1f01ff21df] C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9] C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea\QRLVCHCTYG.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9] C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea\QRLVCHCTYG.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9] C:\ProgramData\6a5eb53d821247cc87df067b567c15d3\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080] C:\ProgramData\6a5eb53d821247cc87df067b567c15d3\TMCILZUEKL.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080] C:\ProgramData\6a5eb53d821247cc87df067b567c15d3\TMCILZUEKL.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080] C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5] C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050\DWAYUKPXKE.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5] C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050\DWAYUKPXKE.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5] C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a] C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533\ZHABZMXIPA.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a] C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533\ZHABZMXIPA.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a] C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818] C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62\DPUNCDMWQM.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818] C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62\DPUNCDMWQM.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818] C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7] C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636\VFKZTIAWJM.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7] C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636\VFKZTIAWJM.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7] Physical Sectors Detected: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Aura Posted December 26, 2017 ID:1194619 Share Posted December 26, 2017 Awesome! MBAR got rid of the main infection. Now let's see if Malwarebytes detects anything else. Malwarebytes - Clean Mode Download and install the free version of MalwarebytesNote: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan Let the scan run, the time required to complete the scan depends of your system and computer specs Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected buttonIf it asks you to restart your computer to complete the removal, do so Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply Link to post Share on other sites More sharing options...
JaredNolan Posted December 26, 2017 Author ID:1194624 Share Posted December 26, 2017 1 hour ago, Aura said: Awesome! MBAR got rid of the main infection. Now let's see if Malwarebytes detects anything else. Malwarebytes - Clean Mode Download and install the free version of MalwarebytesNote: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan Let the scan run, the time required to complete the scan depends of your system and computer specs Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button If it asks you to restart your computer to complete the removal, do so Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply The Program still will not open Link to post Share on other sites More sharing options...
Aura Posted December 26, 2017 ID:1194626 Share Posted December 26, 2017 Is it giving an error message, or it's just that nothing happens when you try to open it? Link to post Share on other sites More sharing options...
JaredNolan Posted December 26, 2017 Author ID:1194633 Share Posted December 26, 2017 2 hours ago, Aura said: Is it giving an error message, or it's just that nothing happens when you try to open it? Nothing is happening when I click it Link to post Share on other sites More sharing options...
JaredNolan Posted December 26, 2017 Author ID:1194634 Share Posted December 26, 2017 2 hours ago, Aura said: Is it giving an error message, or it's just that nothing happens when you try to open it? Just tried uninstalling and re downloading now it's saying "App has been blocked for your protection" Link to post Share on other sites More sharing options...
Aura Posted December 26, 2017 ID:1194665 Share Posted December 26, 2017 Can you run a new scan with FRST and provide me a fresh set of logs? Seems like the main infection (CertLock) came back, despite MBAR removing it. Link to post Share on other sites More sharing options...
JaredNolan Posted December 26, 2017 Author ID:1194686 Share Posted December 26, 2017 (edited) 2 hours ago, Aura said: Can you run a new scan with FRST and provide me a fresh set of logs? Seems like the main infection (CertLock) came back, despite MBAR removing it. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017 Ran by Jared (administrator) on JAREDS-PC (26-12-2017 18:26:52) Running from C:\Users\Jared\Desktop Loaded Profiles: Jared (Available Profiles: Jared) Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe (Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegisterService.exe () D:\tunnelbear\TunnelBear.Maintenance.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Apple Inc.) D:\iTunesHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (juvlarN) C:\Users\Jared\Desktop\vibranceGUI.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegister.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe (GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe (Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe (Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe (Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-30] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.) HKLM-x32\...\Run: [MSIRegister] => D:\MSIRegister\MSIRegister.exe [1258448 2016-11-09] (Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel) HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation) HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [vibranceGUI] => C:\Users\Jared\Desktop\vibranceGUI.exe [797184 2017-06-08] (juvlarN) HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-09-08] ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks) Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CAM.lnk [2017-10-03] ShortcutTarget: CAM.lnk -> C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe () Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE AORUS GRAPHICS ENGINE.lnk [2017-09-08] ShortcutTarget: GIGABYTE AORUS GRAPHICS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\autorun.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166 Tcpip\..\Interfaces\{c1579510-25d2-4d07-9375-1951d7a37481}: [DhcpNameServer] 192.168.2.1 142.166.166.166 Internet Explorer: ================== BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2017-09-09] (Oracle Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2017-09-09] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.144.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll [2017-09-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> D:\Java\bin\plugin2\npjp2.dll [2017-09-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default [2017-12-26] CHR Extension: (Slides) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08] CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08] CHR Extension: (Sheets) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08] CHR Extension: (AdBlock) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08] CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08] CHR Extension: (Chrome Media Router) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-14] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation) R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32464 2017-08-10] (Corsair Components, Inc.) R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-11-05] (EasyAntiCheat Ltd) S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] () U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed] S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2406576 2017-03-29] (Intel Corporation) R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2010848 2016-11-17] (Rivet Networks) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.) R2 MSIREGISTER_MR; D:\MSIRegister\MSIRegisterService.exe [132048 2016-10-07] (Micro-Star INT'L CO., LTD.) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-11-14] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation) R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] () R2 TunnelBearMaintenance; D:\tunnelbear\TunnelBear.Maintenance.exe [37248 2017-09-06] () S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] () R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-10] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-10] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 7164E3D9; C:\WINDOWS\System32\drivers\7164E3D9.sys [255928 2017-12-26] (Malwarebytes) R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-12-26] (CPUID) S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-03-29] (Intel Corporation) R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.) R1 MpKsl3e42eeae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9C79173-B74C-40EB-8E52-9FFB4FDC62C0}\MpKsl3e42eeae.sys [58120 2017-12-21] (Microsoft Corporation) R1 MpKslabe42c3a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8661E67-F3A9-491B-83A4-C80544449069}\MpKslabe42c3a.sys [58120 2017-12-26] (Microsoft Corporation) S3 NTIOLib_1_0_C; D:\MSI MOBO\NTIOLib_X64.sys [11888 2011-06-28] (MSI) [File not signed] R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation) R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [89440 2016-11-17] (Rivet Networks, LLC.) S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] () R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-10] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-10] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-10] (Microsoft Corporation) R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\CAM_V3.sys [14544 2017-12-26] (OpenLibSys.org) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-26 18:12 - 2017-12-26 18:12 - 000000000 ____D C:\Users\Jared\Desktop\FRST-OlderVersion 2017-12-26 13:26 - 2017-12-26 13:26 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (3).exe 2017-12-26 11:13 - 2017-12-26 11:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2017-12-26 11:07 - 2017-12-26 11:14 - 000000000 ____D C:\Users\Jared\Desktop\mbar 2017-12-26 11:07 - 2017-12-26 11:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-12-26 11:07 - 2017-12-26 11:07 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7164E3D9.sys 2017-12-26 11:06 - 2017-12-26 11:06 - 014161479 _____ C:\Users\Jared\Downloads\mbar-1.10.3.1001-nr.exe 2017-12-26 11:06 - 2017-12-26 11:06 - 014161479 _____ C:\Users\Jared\Desktop\mbar-1.10.3.1001-nr.exe 2017-12-26 09:51 - 2017-12-26 09:52 - 163281102 _____ C:\Users\Jared\Downloads\bh demos.zip 2017-12-26 09:49 - 2017-12-26 09:49 - 103346862 _____ C:\Users\Jared\Downloads\BROCKHAMPTON - Saturation [iTunes].zip 2017-12-25 21:29 - 2017-12-25 21:29 - 000906752 _____ C:\WINDOWS\schose.exe 2017-12-25 17:51 - 2017-12-25 17:51 - 000000000 ____D C:\Users\Jared\AppData\Local\GIGABYTE 2017-12-25 17:47 - 2017-12-26 18:27 - 000024208 _____ C:\Users\Jared\Desktop\FRST.txt 2017-12-25 17:47 - 2017-12-25 17:47 - 000055423 _____ C:\Users\Jared\Desktop\Addition.txt 2017-12-25 17:46 - 2017-12-26 18:26 - 000000000 ____D C:\FRST 2017-12-25 17:46 - 2017-12-26 18:12 - 002391552 _____ (Farbar) C:\Users\Jared\Desktop\FRST64.exe 2017-12-25 17:45 - 2017-12-25 17:46 - 002392064 _____ (Farbar) C:\Users\Jared\Downloads\FRST64.exe 2017-12-22 11:19 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2017-12-22 11:19 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2017-12-22 11:18 - 2017-12-22 11:18 - 032227328 _____ C:\Users\Jared\Downloads\EpicInstaller-7.0.0.msi 2017-12-22 10:11 - 2017-12-22 10:12 - 000003586 _____ C:\Users\Jared\Desktop\Rkill.txt 2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill (1).exe 2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Desktop\rkill (1).exe 2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Downloads\ESETPoweliksCleaner.exe 2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe 2017-12-22 10:11 - 2017-12-22 10:11 - 000000022 _____ C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe_20171222.101115.10272.zip 2017-12-21 21:46 - 2017-12-21 21:46 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0 (1).zip 2017-12-21 21:44 - 2017-12-21 21:44 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (2).exe 2017-12-21 20:30 - 2017-12-21 20:30 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0 (1).exe 2017-12-21 20:29 - 2017-12-21 20:29 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0.exe 2017-12-21 19:05 - 2017-12-21 22:13 - 000000000 ____D C:\ProgramData\RogueKiller 2017-12-21 19:05 - 2017-12-21 21:28 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2017-12-21 19:05 - 2017-12-21 19:05 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-12-21 19:05 - 2017-12-21 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-12-21 19:04 - 2017-12-21 19:05 - 000000000 ____D C:\Program Files\RogueKiller 2017-12-21 19:04 - 2017-12-21 19:04 - 036251728 _____ (Adlice Software ) C:\Users\Jared\Downloads\setup.exe 2017-12-21 18:47 - 2017-12-11 11:14 - 000000000 ____D C:\Users\Jared\Downloads\integrity_verification 2017-12-21 18:47 - 2017-12-11 11:06 - 000000000 ____D C:\Users\Jared\Downloads\tron 2017-12-21 18:46 - 2017-12-21 18:47 - 603933879 _____ (Igor Pavlov) C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).exe 2017-12-21 18:46 - 2017-12-21 18:46 - 000185196 _____ C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).torrent 2017-12-21 18:40 - 2017-12-21 20:32 - 000000000 ____D C:\AdwCleaner 2017-12-21 18:40 - 2017-12-21 18:40 - 008172032 _____ (Malwarebytes) C:\Users\Jared\Downloads\AdwCleaner.exe 2017-12-21 18:39 - 2017-12-21 18:39 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill.exe 2017-12-21 18:35 - 2017-12-21 18:35 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0.zip 2017-12-21 18:33 - 2017-12-21 18:33 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe 2017-12-21 18:33 - 2017-12-21 18:33 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2017-12-21 18:22 - 2017-12-26 13:26 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-12-21 18:22 - 2017-12-26 13:26 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-21 18:21 - 2017-12-21 18:22 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe 2017-12-20 21:08 - 2017-12-20 21:08 - 000016872 _____ C:\WINDOWS\System32\Tasks\EPSON Stylus CX5000 XE 2017-12-20 20:53 - 2017-12-20 20:53 - 000016876 _____ C:\WINDOWS\System32\Tasks\Jack Game Contacts Lease 2017-12-20 20:24 - 2017-12-20 20:24 - 000000000 _____ C:\autoexec.bat 2017-12-20 20:14 - 2017-12-20 20:14 - 000000000 ___HD C:\Users\Jared\MicrosoftEdgeBackups 2017-12-20 20:11 - 2017-12-26 09:07 - 000000000 ____D C:\WINDOWS\Minidump 2017-12-20 19:45 - 2017-12-20 19:45 - 001129816 _____ (Google Inc.) C:\Users\Jared\Downloads\ChromeSetup (1).exe 2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ C:\ProgramData\TeamVieverService.dll 2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ C:\ProgramData\lock.dat 2017-12-20 19:41 - 2017-12-21 18:44 - 000000024 _____ C:\ProgramData\rwi.chad 2017-12-20 19:40 - 2017-12-26 11:12 - 000000000 ____D C:\Program Files (x86)\foldershare 2017-12-20 19:40 - 2017-12-25 18:17 - 007419393 _____ C:\WINDOWS\nvdia.exe 2017-12-20 19:40 - 2017-12-20 20:45 - 000000000 ____D C:\Users\Jared\AppData\Roaming\cc7c59c5aa2a4253a93829072f71de90 2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\Users\Jared\AppData\Local\f60daabad01942e0afb138f0b7cc7650 2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\ProgramData\de5f5c4699ea479f85bf44bc7cde3c3a 2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ C:\Users\Jared\AppData\Local\installer.dat 2017-12-20 17:58 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Jared\dawntained 2017-12-20 17:58 - 2017-12-20 17:58 - 000095290 _____ C:\Users\Jared\Downloads\dawntained.jar 2017-12-20 16:38 - 2017-12-26 09:40 - 000000000 ____D C:\Users\Jared\AppData\LocalLow\uTorrent 2017-12-18 21:29 - 2017-12-18 21:29 - 058982477 _____ C:\Users\Jared\Downloads\Days_Before_Rodeo-(DatPiff.com).zip 2017-12-17 21:57 - 2017-12-17 21:57 - 000000000 ____D C:\.zonica_cache_32 2017-12-17 21:56 - 2017-12-17 21:57 - 000000000 ____D C:\Users\Jared\.zonica_32 2017-12-17 21:56 - 2017-12-17 21:56 - 000195413 _____ C:\Users\Jared\Downloads\Zonica.jar 2017-12-17 21:36 - 2017-12-20 19:42 - 000000000 ____D C:\Users\Jared\AppData\Roaming\TS3Client 2017-12-17 21:35 - 2017-12-17 21:35 - 000000680 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2017-12-17 21:35 - 2017-12-17 21:35 - 000000630 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2017-12-17 21:34 - 2017-12-17 21:34 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\Jared\Downloads\TeamSpeak3-Client-win64-3.1.7.exe 2017-12-13 20:01 - 2017-12-03 17:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-12-13 20:01 - 2017-12-03 17:38 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-12-13 19:20 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll 2017-12-13 19:20 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2017-12-13 19:20 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-12-13 19:20 - 2017-12-07 18:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys 2017-12-13 19:20 - 2017-12-07 18:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-12-13 19:20 - 2017-12-07 18:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-12-13 19:20 - 2017-12-07 18:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2017-12-13 19:20 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2017-12-13 19:20 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll 2017-12-13 19:20 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2017-12-13 19:20 - 2017-12-07 18:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-12-13 19:20 - 2017-12-07 18:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-12-13 19:20 - 2017-12-07 18:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-12-13 19:20 - 2017-12-07 18:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-12-13 19:20 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2017-12-13 19:20 - 2017-12-07 18:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe 2017-12-13 19:20 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2017-12-13 19:20 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2017-12-13 19:20 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-12-13 19:20 - 2017-12-07 18:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-12-13 19:20 - 2017-12-07 18:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-12-13 19:20 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-12-13 19:20 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2017-12-13 19:20 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2017-12-13 19:20 - 2017-12-07 18:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys 2017-12-13 19:20 - 2017-12-07 18:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-12-13 19:20 - 2017-12-07 18:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2017-12-13 19:20 - 2017-12-07 18:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-12-13 19:20 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2017-12-13 19:20 - 2017-12-07 18:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2017-12-13 19:20 - 2017-12-07 18:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-12-13 19:20 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2017-12-13 19:20 - 2017-12-07 18:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-12-13 19:20 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2017-12-13 19:20 - 2017-12-07 18:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2017-12-13 19:20 - 2017-12-07 17:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-12-13 19:20 - 2017-12-07 17:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-12-13 19:20 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-12-13 19:20 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2017-12-13 19:20 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2017-12-13 19:20 - 2017-12-07 17:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-12-13 19:20 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-12-13 19:20 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll 2017-12-13 19:20 - 2017-12-07 17:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-12-13 19:20 - 2017-12-07 17:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-12-13 19:20 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2017-12-13 19:20 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2017-12-13 19:20 - 2017-12-07 17:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-12-13 19:20 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2017-12-13 19:20 - 2017-12-07 17:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2017-12-13 19:20 - 2017-12-07 17:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-12-13 19:20 - 2017-12-07 17:29 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KeyboardFilterShim.dll 2017-12-13 19:20 - 2017-12-07 17:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-12-13 19:20 - 2017-12-07 17:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-12-13 19:20 - 2017-12-07 17:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-12-13 19:20 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2017-12-13 19:20 - 2017-12-07 17:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2017-12-13 19:20 - 2017-12-07 17:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-12-13 19:20 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx 2017-12-13 19:20 - 2017-12-07 17:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-12-13 19:20 - 2017-12-07 17:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-12-13 19:20 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-12-13 19:20 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll 2017-12-13 19:20 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2017-12-13 19:20 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe 2017-12-13 19:20 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe 2017-12-13 19:20 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll 2017-12-13 19:20 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys 2017-12-13 19:20 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2017-12-13 19:20 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2017-12-13 19:20 - 2017-12-07 17:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll 2017-12-13 19:20 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe 2017-12-13 19:20 - 2017-12-07 17:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll 2017-12-13 19:20 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe 2017-12-13 19:20 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2017-12-13 19:20 - 2017-12-07 17:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2017-12-13 19:20 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2017-12-13 19:20 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2017-12-13 19:20 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2017-12-13 19:20 - 2017-12-07 17:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-12-13 19:20 - 2017-12-07 17:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2017-12-13 19:20 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-12-13 19:20 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2017-12-13 19:20 - 2017-12-07 16:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2017-12-13 19:20 - 2017-12-07 16:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-12-13 19:20 - 2017-12-07 16:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-12-13 19:20 - 2017-12-07 16:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-12-13 19:20 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2017-12-13 19:20 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2017-12-13 19:20 - 2017-12-07 16:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-12-13 19:20 - 2017-12-07 16:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-12-13 19:20 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-12-13 19:20 - 2017-12-07 16:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-12-13 19:20 - 2017-11-26 15:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2017-12-13 19:20 - 2017-11-26 15:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2017-12-13 19:20 - 2017-11-26 15:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll 2017-12-13 19:20 - 2017-11-26 11:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2017-12-13 19:20 - 2017-11-26 08:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-12-13 19:20 - 2017-11-26 08:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-12-13 19:20 - 2017-11-26 08:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2017-12-13 19:20 - 2017-11-26 08:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-12-13 19:20 - 2017-11-26 08:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-12-13 19:20 - 2017-11-26 08:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-12-13 19:20 - 2017-11-26 08:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-12-13 19:20 - 2017-11-26 08:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-12-13 19:20 - 2017-11-26 08:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-12-13 19:20 - 2017-11-26 08:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-12-13 19:20 - 2017-11-26 08:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-12-13 19:20 - 2017-11-26 08:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-12-13 19:20 - 2017-11-26 08:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-12-13 19:20 - 2017-11-26 08:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2017-12-13 19:20 - 2017-11-26 08:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2017-12-13 19:20 - 2017-11-26 08:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-12-13 19:20 - 2017-11-26 08:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2017-12-13 19:20 - 2017-11-26 08:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-12-13 19:20 - 2017-11-26 08:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-12-13 19:20 - 2017-11-26 08:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-12-13 19:20 - 2017-11-26 08:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-12-13 19:20 - 2017-11-26 08:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2017-12-13 19:20 - 2017-11-26 08:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2017-12-13 19:20 - 2017-11-26 08:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2017-12-13 19:20 - 2017-11-26 08:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll 2017-12-13 19:20 - 2017-11-26 08:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2017-12-13 19:20 - 2017-11-26 08:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2017-12-13 19:20 - 2017-11-26 08:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys 2017-12-13 19:20 - 2017-11-26 08:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2017-12-13 19:20 - 2017-11-26 08:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2017-12-13 19:20 - 2017-11-26 08:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-12-13 19:20 - 2017-11-26 08:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2017-12-13 19:20 - 2017-11-26 08:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-12-13 19:20 - 2017-11-26 08:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2017-12-13 19:20 - 2017-11-26 08:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2017-12-13 19:20 - 2017-11-26 08:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-12-13 19:20 - 2017-11-26 08:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2017-12-13 19:20 - 2017-11-26 08:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2017-12-13 19:20 - 2017-11-26 08:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2017-12-13 19:20 - 2017-11-26 08:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2017-12-13 19:20 - 2017-11-26 08:21 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000669592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-12-13 19:20 - 2017-11-26 08:21 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2017-12-13 19:20 - 2017-11-26 08:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2017-12-13 19:20 - 2017-11-26 08:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2017-12-13 19:20 - 2017-11-26 07:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-12-13 19:20 - 2017-11-26 07:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-12-13 19:20 - 2017-11-26 07:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll 2017-12-13 19:20 - 2017-11-26 07:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-12-13 19:20 - 2017-11-26 07:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-12-13 19:20 - 2017-11-26 07:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-12-13 19:20 - 2017-11-26 07:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-12-13 19:20 - 2017-11-26 07:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll 2017-12-13 19:20 - 2017-11-26 07:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2017-12-13 19:20 - 2017-11-26 07:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll 2017-12-13 19:20 - 2017-11-26 07:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2017-12-13 19:20 - 2017-11-26 07:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2017-12-13 19:20 - 2017-11-26 07:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll 2017-12-13 19:20 - 2017-11-26 07:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-12-13 19:20 - 2017-11-26 07:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-12-13 19:20 - 2017-11-26 07:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-12-13 19:20 - 2017-11-26 07:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2017-12-13 19:20 - 2017-11-26 07:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll 2017-12-13 19:20 - 2017-11-26 07:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2017-12-13 19:20 - 2017-11-26 07:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2017-12-13 19:20 - 2017-11-26 07:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll 2017-12-13 19:20 - 2017-11-26 07:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2017-12-13 19:20 - 2017-11-26 07:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll 2017-12-13 19:20 - 2017-11-26 07:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2017-12-13 19:20 - 2017-11-26 07:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll 2017-12-13 19:20 - 2017-11-26 07:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-12-13 19:20 - 2017-11-26 07:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2017-12-13 19:20 - 2017-11-26 07:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-12-13 19:20 - 2017-11-26 07:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2017-12-13 19:20 - 2017-11-26 07:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2017-12-13 19:20 - 2017-11-26 07:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll 2017-12-13 19:20 - 2017-11-26 07:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-12-13 19:20 - 2017-11-26 07:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-12-13 19:20 - 2017-11-26 07:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2017-12-13 19:20 - 2017-11-26 07:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-12-13 19:20 - 2017-11-26 07:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-12-13 19:20 - 2017-11-26 07:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-12-13 19:20 - 2017-11-26 07:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-12-13 19:20 - 2017-11-26 07:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-12-13 19:20 - 2017-11-26 07:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2017-12-13 19:20 - 2017-11-26 07:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-12-13 19:20 - 2017-11-26 07:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-12-13 19:20 - 2017-11-26 07:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-12-13 19:20 - 2017-11-26 07:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-12-13 19:20 - 2017-11-26 07:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2017-12-13 19:20 - 2017-11-26 06:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2017-12-13 19:20 - 2017-11-26 06:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-12-13 19:20 - 2017-11-26 06:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-12-13 19:20 - 2017-11-26 06:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-12-13 19:20 - 2017-11-26 06:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll 2017-12-13 19:20 - 2017-11-26 06:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll 2017-12-13 19:20 - 2017-11-26 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll 2017-12-13 19:20 - 2017-11-26 06:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2017-12-13 19:20 - 2017-11-26 06:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-12-13 19:20 - 2017-11-26 06:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-12-13 19:20 - 2017-11-26 06:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll 2017-12-13 19:20 - 2017-11-26 06:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2017-12-13 19:20 - 2017-11-26 06:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2017-12-13 19:20 - 2017-11-26 06:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2017-12-13 19:20 - 2017-11-26 05:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-12-13 19:20 - 2017-11-26 05:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2017-12-13 19:20 - 2017-11-26 05:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2017-12-13 19:20 - 2017-11-26 05:57 - 001490840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-12-13 19:20 - 2017-11-26 05:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2017-12-13 19:20 - 2017-11-26 05:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2017-12-13 19:20 - 2017-11-26 05:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-12-13 19:20 - 2017-11-26 05:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2017-12-13 19:20 - 2017-11-26 05:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll 2017-12-13 19:20 - 2017-11-26 05:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll 2017-12-13 19:20 - 2017-11-26 05:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2017-12-13 19:20 - 2017-11-26 05:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll 2017-12-13 19:20 - 2017-11-26 05:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-12-13 19:20 - 2017-11-26 05:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2017-12-13 19:20 - 2017-11-26 05:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2017-12-13 19:20 - 2017-11-26 05:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2017-12-13 19:20 - 2017-11-26 05:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2017-12-13 19:20 - 2017-11-26 05:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-12-13 19:20 - 2017-11-26 05:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-12-13 19:20 - 2017-11-26 05:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2017-12-13 19:20 - 2017-11-26 05:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll 2017-12-13 19:20 - 2017-11-26 05:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll 2017-12-13 19:20 - 2017-11-19 02:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll 2017-12-13 19:20 - 2017-11-18 21:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll 2017-12-11 17:03 - 2017-12-11 17:04 - 000000000 ____D C:\Users\Jared\Desktop\CSGO 2017-12-11 17:03 - 2017-12-11 17:03 - 000000000 ____D C:\Users\Jared\Desktop\Witcher Mods 2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll 2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll 2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll 2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll 2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll 2017-12-02 18:45 - 2017-12-02 18:45 - 000000000 ____D C:\Program Files (x86)\Razer ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-26 18:15 - 2017-09-08 20:15 - 000000000 ____D C:\Program Files (x86)\Steam 2017-12-26 15:29 - 2017-11-07 21:06 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DA44643-B285-4279-864B-5A82909EE1D9} 2017-12-26 13:30 - 2017-09-08 19:55 - 000000000 ____D C:\Users\Jared\AppData\Local\CrashDumps 2017-12-26 11:23 - 2017-11-07 21:06 - 000003330 _____ C:\WINDOWS\System32\Tasks\CAM 2017-12-26 11:19 - 2017-11-07 21:12 - 001463230 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-12-26 11:13 - 2017-11-07 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-12-26 11:13 - 2017-11-07 21:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-12-26 11:13 - 2017-11-05 15:11 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-12-26 11:13 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Jack Game Contacts Lease 2017-12-26 11:13 - 2017-09-11 11:42 - 000000000 ____D C:\ProgramData\NVIDIA 2017-12-26 11:13 - 2017-09-08 20:09 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys 2017-12-26 11:12 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\EPSON Stylus CX5000 XE 2017-12-26 09:57 - 2017-09-16 21:34 - 000000000 ____D C:\Users\Jared\AppData\Roaming\uTorrent 2017-12-26 08:53 - 2017-09-08 21:03 - 000000000 ____D C:\ProgramData\LogiShrd 2017-12-25 18:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\iPubster 2017-12-25 18:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Chronix MP3G.CE Extractor 2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps 2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-25 17:32 - 2017-11-24 20:40 - 000003492 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics 2017-12-25 17:30 - 2017-09-10 15:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility 2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk 2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk 2017-12-22 10:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2017-12-22 10:04 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared 2017-12-22 09:29 - 2017-09-10 16:22 - 000007597 _____ C:\Users\Jared\AppData\Local\resmon.resmoncfg 2017-12-21 22:14 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2017-12-21 21:29 - 2017-10-28 10:44 - 000000000 ____D C:\Users\Jared\Downloads\ASSASSINS CREED ORIGINS-FULL UNLOCKED RePack 2017-12-21 21:27 - 2017-09-08 21:14 - 000000000 ____D C:\ProgramData\CLink4 2017-12-21 19:31 - 2017-10-07 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear 2017-12-21 19:31 - 2017-09-09 22:24 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape 2017-12-21 19:22 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-12-20 21:15 - 2017-09-08 20:19 - 000002340 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-12-20 20:12 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF 2017-12-20 19:45 - 2017-11-07 21:06 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-12-20 19:45 - 2017-11-07 21:06 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-12-20 19:40 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Portable Devices 2017-12-20 16:38 - 2017-11-24 20:40 - 000000000 ___RD C:\Users\Jared\iCloudDrive 2017-12-19 08:17 - 2017-09-08 19:38 - 000000000 ____D C:\Users\Jared\AppData\Local\NVIDIA 2017-12-17 20:06 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-12-15 20:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache 2017-12-14 19:16 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-14 19:16 - 2017-09-21 12:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-12-13 20:01 - 2017-11-07 21:08 - 000000000 ___RD C:\Users\Jared\3D Objects 2017-12-13 20:01 - 2017-08-30 20:14 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-12-13 20:00 - 2017-11-07 21:02 - 000398592 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-12-13 20:00 - 2017-09-29 09:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender 2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs 2017-12-13 20:00 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism 2017-12-13 19:22 - 2017-09-09 13:22 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-12-13 19:21 - 2017-10-10 19:12 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-12-13 19:21 - 2017-09-09 13:22 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-12-13 19:20 - 2017-09-29 08:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-12-13 19:20 - 2017-09-29 08:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-12-13 19:20 - 2017-09-29 08:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-12-13 19:20 - 2017-09-29 08:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-12-13 17:35 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared\AppData\Local\Packages 2017-12-12 07:32 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\discord 2017-12-11 23:37 - 2017-11-17 18:52 - 000002229 _____ C:\Users\Jared\Desktop\Discord.lnk 2017-12-11 23:37 - 2017-11-17 18:52 - 000000000 ____D C:\Users\Jared\AppData\Local\Discord 2017-12-11 23:37 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2017-12-10 20:24 - 2017-10-26 15:32 - 000000000 ____D C:\Program Files\Epic Games 2017-12-08 20:03 - 2017-09-30 12:55 - 000000000 ____D C:\Users\Jared\AppData\Local\UnrealEngine 2017-12-08 17:37 - 2017-11-07 21:06 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3664622787-202345870-56879904-1001 2017-12-08 17:37 - 2017-08-30 20:16 - 000002359 _____ C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-12-08 17:37 - 2017-08-30 20:16 - 000000000 ___RD C:\Users\Jared\OneDrive 2017-12-04 15:20 - 2017-09-08 22:32 - 000000000 ____D C:\Users\Jared\Documents\The Witcher 3 2017-11-26 00:05 - 2017-11-05 14:58 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam ==================== Files in the root of some directories ======= 2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ () C:\ProgramData\lock.dat 2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ () C:\ProgramData\TeamVieverService.dll 2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ () C:\Users\Jared\AppData\Local\installer.dat 2017-09-10 16:22 - 2017-12-22 09:29 - 000007597 _____ () C:\Users\Jared\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== 2017-12-20 19:40 - 2017-12-20 19:40 - 000920448 _____ () C:\Users\Jared\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe 2017-12-20 19:39 - 2017-12-20 19:39 - 000024612 _____ (Valssaamontie 53) C:\Users\Jared\AppData\Local\Temp\capi.exe 2017-12-20 19:39 - 2017-12-20 19:39 - 000016384 _____ (noOrg) C:\Users\Jared\AppData\Local\Temp\cubesta.exe 2017-12-21 19:05 - 2017-10-24 23:37 - 001954048 _____ (Microsoft Corporation) C:\Users\Jared\AppData\Local\Temp\dllnt_dump.dll 2017-12-20 19:39 - 2017-12-20 19:39 - 003179374 _____ () C:\Users\Jared\AppData\Local\Temp\golm.exe 2017-12-20 19:39 - 2017-12-20 19:39 - 001792069 _____ () C:\Users\Jared\AppData\Local\Temp\pi.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-12-20 20:50 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017 Ran by Jared (26-12-2017 18:27:18) Running from C:\Users\Jared\Desktop Windows 10 Pro Version 1709 16299.125 (X64) (2017-11-08 02:08:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3664622787-202345870-56879904-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3664622787-202345870-56879904-503 - Limited - Disabled) Guest (S-1-5-21-3664622787-202345870-56879904-501 - Limited - Disabled) Jared (S-1-5-21-3664622787-202345870-56879904-1001 - Administrator - Enabled) => C:\Users\Jared WDAGUtilityAccount (S-1-5-21-3664622787-202345870-56879904-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden . . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden µTorrent (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.) 7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov) AORUS GRAPHICS ENGINE (HKLM-x32\...\AORUS GRAPHICS ENGINE_is1) (Version: 1.1.6 - GIGABYTE Technology Co.,Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CAM (HKLM-x32\...\{021EB16F-B5EF-464E-A26C-814C01D82EEA}) (Version: 3.5.00 - NZXT) Corsair LINK 4 (HKLM-x32\...\{6607b5db-38d5-4ba1-a511-ac95594634d8}) (Version: 4.8.2.1 - Corsair Components, Inc.) Corsair LINK 4 (HKLM-x32\...\{857D412A-46B9-4666-B1EF-5EDDEB607840}) (Version: 4.8.2.1 - Corsair Components, Inc.) Hidden CPUID CPU-Z 1.80.2 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.2 - ) Discord (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Discord) (Version: 0.0.299 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden ESEA Client (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC) Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Optane(TM) Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.5.0.1051 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel) iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.) Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation) Killer Performance Suite (HKLM\...\{2DD0A568-6091-4C7E-80AA-99F16109B369}) (Version: 1.0.864 - Rivet Networks) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version: - ) MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation) NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation) NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.) RogueKiller version 12.11.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.29.0 - Adlice Software) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH) TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear) TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (07/14/2010 3.3) (HKLM\...\480519419545219A13536B66D4C46317E0882315) (Version: 07/14/2010 3.3 - Corsair Components, Inc.) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00022913-FF6F-4B0E-BDFE-EAFA35676A82} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate] Task: {1B873611-2C5E-4EDC-BE4C-1FD36CBCE6D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {23B58AFA-F1A3-4ADD-BDA5-D61F8E195750} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-08-10] (Corsair Components, Inc.) Task: {3368FE03-30DD-444B-A0F4-6E0C62015E77} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation) Task: {34FAA935-9B44-43FE-9A57-BC8A112070BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation) Task: {404A1C2C-0E8F-4077-A1EA-F677937471EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {41D599CF-EF10-4EA6-B4D1-37C3ED37D4B3} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-10-03] () Task: {4694BD7A-C365-4AC7-97E9-1BB27B2A3C3A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation) Task: {5A6CBEFC-76D8-467D-A095-E322FA57F8A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation) Task: {5C06278B-4A38-401B-B305-8393FA5D3B48} - System32\Tasks\Jack Game Contacts Lease => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll",UjObmie <==== ATTENTION Task: {67166B03-5958-44BD-98A2-FA9095C916D5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation) Task: {6A6562E2-6DFE-49A7-BA46-5E119B49F6D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) Task: {769DE119-293F-48CB-813B-96BCBBCFE98F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation) Task: {7A3A1427-E928-4491-958A-E3B6E5D16799} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation) Task: {8469B714-1441-412F-9F6F-7040D44AE979} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe [2017-08-18] (GIGABYTE Technology Co.,Ltd.) Task: {937132EF-93A6-4E52-BDC9-7FC4F0D13F33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.) Task: {94D8230E-4FD2-4F52-B887-2CD2331A59D3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {9B5509B3-509C-448B-B698-DDF29485FC5A} - System32\Tasks\EPSON Stylus CX5000 XE => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll",GJxHRMHgPgp <==== ATTENTION Task: {A86B4BFE-F018-4801-B008-1DDDC4A93A01} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-14] (Microsoft Corporation) Task: {AB741E45-3B4F-411C-965A-C6ECAD8AE4DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {AE637923-2CF6-4939-88ED-D312E507AF8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.) Task: {AEF2B5E0-705B-44F0-A9E6-96FC24CF97F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation) Task: {C0C16D6E-BE23-499B-9EBD-8F358ADCF69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation) Task: {C19278E4-A985-488B-AC3A-B875260F1DCF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs" Task: {C5481BBF-7BB5-49EF-B666-E66655094827} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {C8131C4B-FF95-4157-85CB-698E55EC9D13} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation) Task: {D27ECD25-D8C9-44C4-A5DC-7D050218A36A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation) Task: {D8C5B29D-772E-48C8-AC3B-81691E67B9FE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.) Task: {DE8726EC-B6A9-432F-9669-18C0F37FB80E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {DF117107-8070-4AD5-B272-793D222E4F27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation) Task: {EB3E9151-3E80-40AB-867F-75CBF8A1290E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {EF1728F6-0626-4A5F-AEE4-1A5DEE4FFDA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-09-11 11:42 - 2017-11-14 14:56 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-09-08 19:38 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe 2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () D:\tunnelbear\TunnelBear.Maintenance.exe 2017-09-21 12:31 - 2017-12-14 19:15 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-12-13 19:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-13 19:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-12-12 18:20 - 2017-12-12 18:20 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-12-12 18:20 - 2017-12-12 18:20 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-12-12 18:20 - 2017-12-12 18:20 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-12-12 18:20 - 2017-12-12 18:20 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2017-08-18 04:01 - 2017-08-18 04:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2017-08-18 04:01 - 2017-08-18 04:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () D:\zlib1.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () D:\libxml2.dll 2017-09-08 20:09 - 2017-01-14 20:10 - 000218032 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe 2017-12-20 19:46 - 2017-12-13 21:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll 2017-12-20 19:46 - 2017-12-13 21:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll 2017-10-03 21:51 - 2017-10-03 21:51 - 007864432 _____ () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe 2017-09-12 12:09 - 2017-09-12 12:09 - 000188016 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe 2017-12-05 18:59 - 2017-12-05 18:59 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 001037600 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe 2017-09-08 19:38 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-09-08 19:38 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-12-08 17:37 - 2017-12-08 17:37 - 000102088 _____ () C:\Users\Jared\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll 2017-09-08 20:15 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2017-09-08 20:15 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2017-09-08 20:15 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2017-09-08 20:15 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2017-09-06 14:05 - 2017-09-06 14:05 - 000070656 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\KeyHookDLL_x86.dll 2017-09-08 20:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll 2017-09-08 20:16 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2017-09-08 20:15 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2017-10-19 14:58 - 2017-12-26 11:13 - 000163840 _____ () C:\Users\Jared\AppData\Roaming\vibranceGUI\vibranceDLL.dll 2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-07-13 19:51 - 2017-07-13 19:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-08 20:09 - 2017-01-12 17:15 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\ycc.DLL 2017-08-31 13:48 - 2017-08-31 13:48 - 000282112 _____ () C:\Program Files (x86)\NZXT\CAM\GSyncLib.dll 2017-09-08 21:30 - 2017-12-26 11:23 - 000308736 _____ () C:\Program Files (x86)\NZXT\CAM\NVAPIHelper.dll 2017-12-11 23:37 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\ffmpeg.dll 2017-12-12 07:32 - 2017-12-12 07:32 - 001886712 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node 2017-12-12 07:32 - 2017-12-12 07:32 - 001773560 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node 2017-12-11 23:37 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libglesv2.dll 2017-12-11 23:37 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libegl.dll 2017-12-12 07:32 - 2017-12-12 07:32 - 009802232 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node 2017-12-12 07:32 - 2017-12-12 07:32 - 001505784 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node 2017-12-12 07:32 - 2017-12-12 07:32 - 000513016 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node 2017-12-12 07:32 - 2017-12-12 07:32 - 002662904 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node 2017-12-12 07:32 - 2017-12-12 07:32 - 001517048 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node 2017-12-12 07:32 - 2017-12-12 07:32 - 002749944 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node 2017-09-08 20:18 - 2017-12-20 07:16 - 000249120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000345376 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000254240 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000437024 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 006339360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll 2017-11-21 18:39 - 2017-11-29 17:46 - 002588960 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\steamnetworkingsockets.dll 2017-10-18 18:56 - 2017-10-18 18:54 - 025159968 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\phonon.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000206112 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 001176864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000865568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000387360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000622368 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000213280 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000791328 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000267040 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundsystem.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000180512 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 001002784 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000418080 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 003298080 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000622368 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000189728 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000264480 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 001118496 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll 2017-09-06 14:05 - 2017-09-06 14:05 - 000007168 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\EasyLoad32.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000613152 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 012555040 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 010520352 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000095520 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll 2017-09-08 20:18 - 2017-09-08 20:18 - 000078624 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi 2017-09-08 20:18 - 2017-09-08 20:18 - 000020256 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt 2017-12-12 07:32 - 2017-12-12 07:32 - 000618488 _____ () C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\1\DiscordOverlay.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000091936 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 001025824 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll 2017-09-08 20:18 - 2017-12-20 07:16 - 000180512 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2017-12-20 21:11 - 000013622 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 wemsofts.com 127.0.0.1 bongadoom.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 internalcampaigntargets.com 127.0.0.1 bongadoom.com 127.0.0.1 getthefilenow.com 127.0.0.1 bigpicturepop.com 127.0.0.1 wizzcaster.com 127.0.0.1 bestoffersfortoday.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 agent.wizztrakys.com 127.0.0.1 csdimonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 titiaredh.com 127.0.0.1 wepcdisplaysystem.com 127.0.0.1 wepcanalyticsystem.com 127.0.0.1 healthydownload.com 127.0.0.1 leading2download.com 127.0.0.1 dwl0.wizzlabs.com 127.0.0.1 dwl1.wizzlabs.com 127.0.0.1 mess1.wizzmonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 dl.smashdl.com 127.0.0.1 downloadmyhost.com 127.0.0.1 lapapahoster.com 127.0.0.1 asedownloadgate.com 127.0.0.1 agent.wizztrakys.com 127.0.0.1 ladomainadeserver.com 127.0.0.1 www.wizzmonetize.com 127.0.0.1 gf.tools.avast.com There are 361 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3664622787-202345870-56879904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\w7ufw5eb3cuz.jpg DNS Servers: 192.168.2.1 - 142.166.166.166 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{6AD8A6B6-42B6-4CDB-98C4-A0860813C92F}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [TCP Query User{16603D24-4FFC-435D-BE8F-0CF59DCB3810}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{2E988399-13EA-4B26-AA40-369D2E67FAD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [UDP Query User{1F9C09DC-DC78-42E8-BB8A-B0B88C305679}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [TCP Query User{15722B42-B690-46BA-8276-C7F7988A0D2F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [UDP Query User{3F75556A-628B-4E80-A56B-0F94AD29A3AA}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{CC714624-5093-4AA1-94C7-F80CB680CFF0}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{79B3413C-01A2-40DA-857C-3B57F87AEA70}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{BE8CAF66-CAF5-4014-9B98-E15BB25EDB79}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{6AAF6D99-D01C-4925-8EC6-5A1ED9F40887}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{0ECA6D84-E3AA-494A-9711-EC49195E0AF6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{98BBB5DE-AE16-4EF1-BFDA-D0623BF1543A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{9DC70EB6-DC6F-480D-BEB9-E8C4FECEFF36}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{4A104148-BAEB-4B86-8307-3ECC11D15CEE}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [TCP Query User{08C61A05-0241-4CB0-B35B-6C834CD8DB03}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{97447B31-69F7-4681-87FE-C81B9D162A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe FirewallRules: [{C3056B4A-02A5-45FB-BDA4-37B286ECAEB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe FirewallRules: [{32207B8D-E4CE-4110-AD03-DB6EF7AFC725}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe FirewallRules: [{F78EAF6F-C672-4E3E-980F-486D94C3743F}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe FirewallRules: [{B3255CE9-A583-4502-B8A3-A33F100B0EA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EB403D97-2D30-4B92-ACB1-CCF64B1FA8F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2333B732-163C-419E-B859-EDFC0856DA24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{A7356D4A-462E-4785-A587-603095855201}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{AFD26F73-F1A7-4A72-B3C6-15F106829C17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1364CAEA-CF6A-4960-A45A-702899980CE7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1D11E886-5067-4749-B451-BF9C7FA38ED2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{6CCC7268-8F8E-4BEB-9AA8-4449E01F6B65}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{1204D603-9107-48FC-B8A8-9DBCE56ACD1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{7CB9BE80-CBF4-440F-8E32-7602BE299D9E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{29F7EBB1-0EFB-45A0-995F-58319EA5980E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{233E32A2-6493-4A73-9EFA-A66B07413EE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F04A6C02-B3D8-4CD6-B6A0-D730C4E7E0E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5105E693-BC5A-4722-BCAF-9B91840E37F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0F42BE6D-06F8-4A98-B30E-CBE7DDA9CA16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8F316B13-0EE9-4515-8C8B-2BD036A2AC00}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{C6CB56EC-BDFC-43B3-92F8-6DC3BB59AD7A}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{DF9818AC-D700-4856-A460-556F1BE5E655}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{A62263AA-6977-4AB7-8B5B-4C4585667046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{2F3BAA9B-31C1-4701-837D-71663C4D859E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{2B26CE4B-BD88-43AE-8105-1776C8774408}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{D760608C-0D70-411E-A635-34BD2C1EA8E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{28A09357-86E1-4493-A723-691A33D6EC21}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe FirewallRules: [UDP Query User{E3D72C53-1F89-4FDA-8BA6-FBC429DBFD2B}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe FirewallRules: [{5587831F-79F3-43F8-B786-D90A9584B508}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{740AEE29-EE44-4E8B-8CEE-5B2A3AED6402}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{9540B722-83BE-4400-A188-99C070E966DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{BA8F7934-7661-4FAE-A5EF-980484159227}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{10DC75AE-5E37-4D56-930C-0E97E2FE9249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{EEEA6290-F22F-4604-82EF-478AC2B01B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{66182FDD-45E5-4C7C-B7E7-0A78754D6285}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{4312BE95-5C74-4F30-937C-5FE9EC084721}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{78D9C1C6-7436-417C-924A-2460CF6E471B}] => (Allow) LPort=9143 FirewallRules: [{7DDDA7E0-F00F-4E1D-9376-9C94A12C5EBB}] => (Allow) LPort=2333 FirewallRules: [{0F8BC471-74CF-4000-AC3C-A670033FBC21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{65649B17-3007-45EC-9908-CAF317E61840}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{46A68C26-80D5-4016-85F2-F729A199AC35}] => (Allow) D:\iTunes.exe FirewallRules: [{04683E3C-0EA3-4C85-80BA-F0A58A2FFEAA}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [TCP Query User{BD51FDF0-0390-4E68-BF27-4895AE956656}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{8D037296-80EC-4091-B130-3DE36B9F09F6}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{D3687704-2F1B-483A-9D8A-415DBA9B491A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{CA4B22A9-7278-4B8B-A7DA-724F6F31208B}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{B1F5F306-CECE-4DC0-BA27-971E3D5F03FF}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{B3D3C48C-A439-4BCF-8B7A-F287C3E42C9C}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{D7A82F5C-B8C4-4904-9828-55AA6D011144}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [TCP Query User{68E9FA2E-5FA8-46F2-A93D-D44BA91157E1}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe FirewallRules: [UDP Query User{A1AF2845-1969-496D-B63A-E9EEA9A944AF}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe ==================== Restore Points ========================= 22-12-2017 11:19:29 Installed DirectX 26-12-2017 11:12:23 Malwarebytes Anti-Rootkit Restore Point ==================== Faulty Device Manager Devices ============= Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2017 01:30:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x0000000000000000 Faulting process id: 0x2520 Faulting application start time: 0x01d37e685d9a7749 Faulting application path: bad_module_info Faulting module path: unknown Report Id: dab11714-4cae-4259-9bb0-71927b5bc458 Faulting package full name: Faulting package-relative application ID: Error: (12/26/2017 12:08:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42 Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00 Exception code: 0xc0000005 Fault offset: 0x001aa3b6 Faulting process id: 0x20f8 Faulting application start time: 0x01d37e6c2e8d268e Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: a3810e00-d84b-4272-a463-8ab77b37dc38 Faulting package full name: Faulting package-relative application ID: Error: (12/26/2017 12:08:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42 Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00 Exception code: 0xc0000005 Fault offset: 0x001aa3b6 Faulting process id: 0x500 Faulting application start time: 0x01d37e6c1cdddbfb Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: 1daee968-724b-42b4-bfed-39fa26cf46c7 Faulting package full name: Faulting package-relative application ID: Error: (12/26/2017 12:08:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42 Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00 Exception code: 0xc0000005 Fault offset: 0x001aa3b6 Faulting process id: 0x5b4 Faulting application start time: 0x01d37e6c18679f07 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: ddd7169c-6d5f-49e4-be48-dce7137d84ec Faulting package full name: Faulting package-relative application ID: Error: (12/26/2017 11:14:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42 Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00 Exception code: 0xc0000005 Fault offset: 0x001aa3b6 Faulting process id: 0x244c Faulting application start time: 0x01d37e64a7c7736b Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: cf3fba86-23fe-40fb-8ba6-e72a391f5fc3 Faulting package full name: Faulting package-relative application ID: Error: (12/26/2017 11:14:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/26/2017 11:14:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/26/2017 11:14:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/26/2017 11:14:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (12/26/2017 11:13:22 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LAClient.exe, version: 1.1.133.0, time stamp: 0x59962590 Faulting module name: LAClient.exe, version: 1.1.133.0, time stamp: 0x59962590 Exception code: 0xc0000409 Fault offset: 0x0000000000104f23 Faulting process id: 0x28e8 Faulting application start time: 0x01d37e647388550f Faulting application path: C:\Program Files\Logitech Gaming Software\LAClient\LAClient.exe Faulting module path: C:\Program Files\Logitech Gaming Software\LAClient\LAClient.exe Report Id: 1204a772-4df7-4fe3-b0d6-553b2dd6c4da Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (12/26/2017 11:14:55 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 11:04:59 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 10:28:22 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 10:28:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 10:28:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/26/2017 10:28:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-12-26 18:23:53.350 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 18:23:53.349 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 18:08:06.518 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 18:08:06.517 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 18:07:42.356 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 18:07:42.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 17:51:22.595 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 17:51:22.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 17:38:06.494 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-26 17:38:06.493 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz Percentage of memory in use: 38% Total physical RAM: 16341.87 MB Available physical RAM: 10128.14 MB Total Virtual: 18773.87 MB Available Virtual: 11237.68 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:231.5 GB) (Free:27.07 GB) NTFS Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:725.74 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================ Edited December 26, 2017 by JaredNolan Link to post Share on other sites More sharing options...
Aura Posted December 27, 2017 ID:1194792 Share Posted December 27, 2017 Yeah it is back. Alright, run a new scan with MBAR and provide me the log afterwards. Link to post Share on other sites More sharing options...
JaredNolan Posted December 28, 2017 Author ID:1195025 Share Posted December 28, 2017 15 hours ago, Aura said: Yeah it is back. Alright, run a new scan with MBAR and provide me the log afterwards. Malwarebytes Anti-Rootkit BETA 1.10.3.1001 www.malwarebytes.org Database version: main: v2017.12.28.03 rootkit: v2017.10.14.01 Windows 10 x64 NTFS Internet Explorer 11.125.16299.0 Jared :: JAREDS-PC [administrator] 12/27/17 11:03:47 PM mbar-log-2017-12-27 (23-03-47).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 214302 Time elapsed: 4 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 90 HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4ba8ee401892e05670d60ca1aa57c43c] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9d561519d8d2999d710507aa827fd12f] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [aa4938f6efbbcf675b41634a8e735aa6] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [01f2012da80273c32dde03ac2fd2ed13] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [53a0d8561f8b70c66a6146688879b749] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [549fb876a30747ef7114c9e636cbf10f] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5b981816b3f7122461f01f924eb36e92] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [26cde64800aa70c6504ff4bce71a02fe] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2dc6e34b446694a219985d4fae53e917] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [45aed9552f7bd06683bc238cf60b966a] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c330e34b565465d1e0e6d1dfe1207d83] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cf243cf25c4e39fd8c4b4e625ba607f9] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a94a9698d1d9d462f154beef738e936d] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1bd8131b2f7b0d292578af0157aa7c84] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [39ba3fefe1c995a1ed1bdad67d8423dd] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [12e162cc812954e247aab2fbbd4406fa] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8073c46a307a6ec8f376dfd0a06158a8] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [31c2ee40adfd79bdef3c5858de2319e7] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [50a3de5015950c2a738c5b54ed1431cf] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7d76db536149d6600bffbef1f60ba45c] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [03f0a9851595ad892889dbd63dc454ac] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fdf6939bb4f63600c55baf00e41dd828] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [10e3161800aa91a5cb8dd2ddca37e21e] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [896ace6001a94fe7a984723f10f132ce] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [21d2032b09a1df57e22508a95ba6817f] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a44fcc62cfdb70c68e3c228cbc45837d] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1bd8939b9b0f4ee844e6e0d007fa0ff1] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4ca753db23871f17fcb8af0026db11ef] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1bd867c7694131059ba13d7411f0bc44] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fef598962e7c9e989f161f90a958d22e] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [14df9f8fc6e4f343b53fbcf4827fed13] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [20d357d73c6e999dba0de0cf9b66ca36] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [73802b033b6f0d29da1b357bb64b31cf] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fcf78ba37c2ed75f9cb4ecc532cf18e8] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ac4795993674ff37f49c3f72d829e020] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8d669797a00a231380875858da2714ec] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c231e04ee1c93105a0a2c4ec50b1f30d] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [24cf4ee0208a9d99e182ac056899e51b] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ac4799958c1e181e578688264eb302fe] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [42b180ae4d5d60d61586aa044cb51de3] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [787bb27ca901a49229710e9dde230df3] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9f5485a99a1010266dcd139bf110e917] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fcf771bda00a76c0b1ba555b956c41bf] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6291cb63d6d43105524c6749e21f3dc3] HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8c67da5426849f97a18b6c44956c7987] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d3202c02aa001422de68535a22df7e82] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9f54032b3971be78195dad045ea3fb05] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7e75ff2f39711224d8c4337a4db4619f] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a35028061f8bcc6a957609a627da7f81] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [09eacc623e6c49edd7f485290af7e21e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c52e9d91eac00f27e1a41f90f1104fb1] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d61df43a8a2041f56ce56150000130d0] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [63902b03a7032f070699dfd17f82d729] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c72c3ef06644ca6c8829bcf0758c6799] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [688b26086149e6500b34753a867b0ef2] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d91a54da39719c9a06c00fa1a75ac040] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [52a140ee9a10c96d14c3a30dfc05fe02] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [718272bc00aa0531172ebdf08a770cf4] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5c97cf5f5b4ff046d3cabaf6907110f0] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e2116ec0feac5dd9d7315e526b96827e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5b9843eb802a26108b66654859a8b44c] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30c3c66847632b0b0663a00f659c57a9] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [22d127078426fe3898934b65d62b7f81] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cf24c6685f4bf73f629dfbb4b34e34cc] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [609342ec39713105f01ab9f6000117e9] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d71c58d6cbdfdc5ae3cec0f17091817f] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fff4949aa208d4622ff1b2fdd9281de3] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e80ba28c2684e4528bcd208f0ef39f61] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [599a6bc37238ef4757d64c65c73a18e8] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d41fa48a9c0e6fc72cdbf6bbac554eb2] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b93ae54918925cda1fab4c6228d9f808] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8a69e8469317979f37f3f2be0ff258a8] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f9fa1d119911cb6b5f551f906b9656aa] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [20d39e909218b0861a2238791ae7b14f] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c92a82ace2c8b77fa70e05aa4fb2ac54] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [dd16eb436248b5818e6659576d9415eb] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [698a65c941690e288443436ce21fd22e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ca29d658327832046e8718988a7735cb] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [668d8ca2b2f8a69089c71b965aa759a7] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [21d255d96b3ffe38058be2cf4eb3669a] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4ca7e24c3b6f5adcb354a60ab05151af] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [757e0b233b6f42f486bc555bf20f817f] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [03f0ce604b5f39fd63001c9522dfc63a] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [52a148e60aa055e1617cf8b646bb7c84] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8271c767337739fd8d0eb6f826db7b85] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c62dc26c7e2c85b1b6e46d3eb44d1de3] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [38bbdd51affb2b0b3bff38765ca502fe] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [bb381f0fc5e5f83e5912c8e88e73fd03] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a74ca08ec3e784b29b0304ac30d130d0] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [886b31fdb1f9979fda52644c88795fa1] Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\ProgramData\TeamVieverService.dll (Backdoor.TeamViewer) -> Delete on reboot. [ea09b8763d6df73fbb2868a82bd8837d] C:\ProgramData\lock.dat (Backdoor.TeamViewer.Trace) -> Delete on reboot. [658e9b9348628da92c6eb697d22ea55b] C:\ProgramData\rwi.chad (Backdoor.TeamViewer.Trace) -> Delete on reboot. [7f7455d9eebc5bdb28c738d8ef14758b] Physical Sectors Detected: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Aura Posted December 28, 2017 ID:1195092 Share Posted December 28, 2017 Okay I understand what's happening. MBAR isn't deleting some task, file and folder associated with the infection. I just reported that issue to the Research Team so they can address it. Give them a few and once they give me the okay, we'll try again (shouldn't be too long). Link to post Share on other sites More sharing options...
Aura Posted December 28, 2017 ID:1195099 Share Posted December 28, 2017 In the meantime, can you upload this file to VirusTotal, and post the report URL here? C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll Link to post Share on other sites More sharing options...
JaredNolan Posted December 28, 2017 Author ID:1195205 Share Posted December 28, 2017 10 hours ago, Aura said: In the meantime, can you upload this file to VirusTotal, and post the report URL here? C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll It says file not found Link to post Share on other sites More sharing options...
Aura Posted December 29, 2017 ID:1195236 Share Posted December 29, 2017 Let's try this. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located) Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Click on the Fix button On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply fixlist.txt Link to post Share on other sites More sharing options...
JaredNolan Posted December 29, 2017 Author ID:1195260 Share Posted December 29, 2017 5 hours ago, Aura said: Let's try this. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located) Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Click on the Fix button On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply fixlist.txt Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017 Ran by Jared (29-12-2017 01:37:10) Run:1 Running from C:\Users\Jared\Desktop Loaded Profiles: Jared (Available Profiles: Jared) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: VirusTotal: C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll;C:\Program Files\iPubster\iPubster.dll;C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION Task: {5C06278B-4A38-401B-B305-8393FA5D3B48} - System32\Tasks\Jack Game Contacts Lease => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll",UjObmie <==== ATTENTION Task: {98202221-583C-4EC2-8687-384A73502623} - System32\Tasks\iPubster => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\iPubster\iPubster.dll",OyULwQ <==== ATTENTION Task: {9B5509B3-509C-448B-B698-DDF29485FC5A} - System32\Tasks\EPSON Stylus CX5000 XE => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll",GJxHRMHgPgp <==== ATTENTION EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "VirusTotal: C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll" => not found "VirusTotal: C:\Program Files\iPubster\iPubster.dll" => not found "VirusTotal: C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll" => not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => key not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5C06278B-4A38-401B-B305-8393FA5D3B48} => could not remove key. ErrorCode1: 0x00000002 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C06278B-4A38-401B-B305-8393FA5D3B48}" => removed successfully C:\WINDOWS\System32\Tasks\Jack Game Contacts Lease => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jack Game Contacts Lease" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{98202221-583C-4EC2-8687-384A73502623}" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98202221-583C-4EC2-8687-384A73502623} => key not found "C:\WINDOWS\System32\Tasks\iPubster" => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iPubster => key not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9B5509B3-509C-448B-B698-DDF29485FC5A}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5509B3-509C-448B-B698-DDF29485FC5A}" => removed successfully C:\WINDOWS\System32\Tasks\EPSON Stylus CX5000 XE => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON Stylus CX5000 XE" => removed successfully =========== EmptyTemp: ========== BITS transfer queue => 9986048 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38068023 B Java, Flash, Steam htmlcache => 280880227 B Windows/system/drivers => 7306064 B Edge => 10006654 B Chrome => 401651808 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 49926 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 297060 B Jared => 79647266 B RecycleBin => 6347658044 B EmptyTemp: => 6.7 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 01:37:30 ==== Link to post Share on other sites More sharing options...
Aura Posted December 29, 2017 ID:1195295 Share Posted December 29, 2017 Okay, now are you able to install and run a scan with Malwarebytes? Link to post Share on other sites More sharing options...
JaredNolan Posted December 29, 2017 Author ID:1195309 Share Posted December 29, 2017 2 hours ago, Aura said: Okay, now are you able to install and run a scan with Malwarebytes? Yes, thank you so much for your help Yuon, you have been very patient with me & I appreciate it. Link to post Share on other sites More sharing options...
Aura Posted December 29, 2017 ID:1195311 Share Posted December 29, 2017 No problem JaredNolan, you're welcome Can you run a last scan with FRST and provide me a fresh set of logs? I'll make sure that there's nothing left. Link to post Share on other sites More sharing options...
JaredNolan Posted December 29, 2017 Author ID:1195312 Share Posted December 29, 2017 1 hour ago, Aura said: No problem JaredNolan, you're welcome Can you run a last scan with FRST and provide me a fresh set of logs? I'll make sure that there's nothing left. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017 Ran by Jared (29-12-2017 10:34:35) Running from C:\Users\Jared\Desktop Windows 10 Pro Version 1709 16299.125 (X64) (2017-11-08 02:08:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3664622787-202345870-56879904-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3664622787-202345870-56879904-503 - Limited - Disabled) Guest (S-1-5-21-3664622787-202345870-56879904-501 - Limited - Disabled) Jared (S-1-5-21-3664622787-202345870-56879904-1001 - Administrator - Enabled) => C:\Users\Jared WDAGUtilityAccount (S-1-5-21-3664622787-202345870-56879904-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden . . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden µTorrent (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.) 7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov) AORUS GRAPHICS ENGINE (HKLM-x32\...\AORUS GRAPHICS ENGINE_is1) (Version: 1.1.6 - GIGABYTE Technology Co.,Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CAM (HKLM-x32\...\{021EB16F-B5EF-464E-A26C-814C01D82EEA}) (Version: 3.5.00 - NZXT) Corsair LINK 4 (HKLM-x32\...\{6607b5db-38d5-4ba1-a511-ac95594634d8}) (Version: 4.8.2.1 - Corsair Components, Inc.) Corsair LINK 4 (HKLM-x32\...\{857D412A-46B9-4666-B1EF-5EDDEB607840}) (Version: 4.8.2.1 - Corsair Components, Inc.) Hidden CPUID CPU-Z 1.80.2 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.2 - ) Discord (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Discord) (Version: 0.0.299 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden ESEA Client (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC) Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Optane(TM) Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.5.0.1051 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel) iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.) Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation) Killer Performance Suite (HKLM\...\{2DD0A568-6091-4C7E-80AA-99F16109B369}) (Version: 1.0.864 - Rivet Networks) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version: - ) MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation) NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation) NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.) RogueKiller version 12.11.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.29.0 - Adlice Software) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH) TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear) TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (07/14/2010 3.3) (HKLM\...\480519419545219A13536B66D4C46317E0882315) (Version: 07/14/2010 3.3 - Corsair Components, Inc.) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00022913-FF6F-4B0E-BDFE-EAFA35676A82} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate] Task: {1B873611-2C5E-4EDC-BE4C-1FD36CBCE6D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {23B58AFA-F1A3-4ADD-BDA5-D61F8E195750} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-08-10] (Corsair Components, Inc.) Task: {3368FE03-30DD-444B-A0F4-6E0C62015E77} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation) Task: {34FAA935-9B44-43FE-9A57-BC8A112070BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation) Task: {404A1C2C-0E8F-4077-A1EA-F677937471EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {41D599CF-EF10-4EA6-B4D1-37C3ED37D4B3} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-10-03] () Task: {4694BD7A-C365-4AC7-97E9-1BB27B2A3C3A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation) Task: {5A6CBEFC-76D8-467D-A095-E322FA57F8A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation) Task: {67166B03-5958-44BD-98A2-FA9095C916D5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation) Task: {6A6562E2-6DFE-49A7-BA46-5E119B49F6D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) Task: {769DE119-293F-48CB-813B-96BCBBCFE98F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation) Task: {7A3A1427-E928-4491-958A-E3B6E5D16799} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation) Task: {8469B714-1441-412F-9F6F-7040D44AE979} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe [2017-08-18] (GIGABYTE Technology Co.,Ltd.) Task: {937132EF-93A6-4E52-BDC9-7FC4F0D13F33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.) Task: {94D8230E-4FD2-4F52-B887-2CD2331A59D3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {A86B4BFE-F018-4801-B008-1DDDC4A93A01} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-14] (Microsoft Corporation) Task: {AB741E45-3B4F-411C-965A-C6ECAD8AE4DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) Task: {AE637923-2CF6-4939-88ED-D312E507AF8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.) Task: {AEF2B5E0-705B-44F0-A9E6-96FC24CF97F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation) Task: {C0C16D6E-BE23-499B-9EBD-8F358ADCF69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation) Task: {C19278E4-A985-488B-AC3A-B875260F1DCF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs" Task: {C5481BBF-7BB5-49EF-B666-E66655094827} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {C8131C4B-FF95-4157-85CB-698E55EC9D13} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation) Task: {D27ECD25-D8C9-44C4-A5DC-7D050218A36A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation) Task: {D8C5B29D-772E-48C8-AC3B-81691E67B9FE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.) Task: {DE8726EC-B6A9-432F-9669-18C0F37FB80E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {DF117107-8070-4AD5-B272-793D222E4F27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation) Task: {EB3E9151-3E80-40AB-867F-75CBF8A1290E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation) Task: {EF1728F6-0626-4A5F-AEE4-1A5DEE4FFDA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe 2017-09-08 19:38 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () D:\tunnelbear\TunnelBear.Maintenance.exe 2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-09-11 11:42 - 2017-11-14 14:56 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-09-21 12:31 - 2017-12-14 19:15 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-12-13 19:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-13 19:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2017-08-18 04:01 - 2017-08-18 04:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2017-08-18 04:01 - 2017-08-18 04:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () D:\zlib1.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () D:\libxml2.dll 2017-09-08 20:09 - 2017-01-14 20:10 - 000218032 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe 2017-10-03 21:51 - 2017-10-03 21:51 - 007864432 _____ () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe 2017-09-12 12:09 - 2017-09-12 12:09 - 000188016 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe 2017-12-20 19:46 - 2017-12-13 21:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll 2017-12-20 19:46 - 2017-12-13 21:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll 2017-12-29 10:28 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-12-29 10:28 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-09-08 19:38 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-09-08 19:38 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-12-08 17:37 - 2017-12-08 17:37 - 000102088 _____ () C:\Users\Jared\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll 2017-09-08 20:15 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2017-09-08 20:15 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll 2017-12-14 18:58 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2017-09-08 20:15 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2017-09-08 20:15 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2017-09-08 20:15 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2017-10-19 14:58 - 2017-12-29 10:26 - 000163840 _____ () C:\Users\Jared\AppData\Roaming\vibranceGUI\vibranceDLL.dll 2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-07-13 19:51 - 2017-07-13 19:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-08 20:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll 2017-09-08 20:16 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2017-09-08 20:15 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2017-09-08 20:09 - 2017-01-12 17:15 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\ycc.DLL 2017-08-31 13:48 - 2017-08-31 13:48 - 000282112 _____ () C:\Program Files (x86)\NZXT\CAM\GSyncLib.dll 2017-09-08 21:30 - 2017-12-29 10:27 - 000308736 _____ () C:\Program Files (x86)\NZXT\CAM\NVAPIHelper.dll 2017-09-06 14:05 - 2017-09-06 14:05 - 000070656 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\KeyHookDLL_x86.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2017-12-20 21:11 - 000013622 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 wemsofts.com 127.0.0.1 bongadoom.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 internalcampaigntargets.com 127.0.0.1 bongadoom.com 127.0.0.1 getthefilenow.com 127.0.0.1 bigpicturepop.com 127.0.0.1 wizzcaster.com 127.0.0.1 bestoffersfortoday.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 agent.wizztrakys.com 127.0.0.1 csdimonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 titiaredh.com 127.0.0.1 wepcdisplaysystem.com 127.0.0.1 wepcanalyticsystem.com 127.0.0.1 healthydownload.com 127.0.0.1 leading2download.com 127.0.0.1 dwl0.wizzlabs.com 127.0.0.1 dwl1.wizzlabs.com 127.0.0.1 mess1.wizzmonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 dl.smashdl.com 127.0.0.1 downloadmyhost.com 127.0.0.1 lapapahoster.com 127.0.0.1 asedownloadgate.com 127.0.0.1 agent.wizztrakys.com 127.0.0.1 ladomainadeserver.com 127.0.0.1 www.wizzmonetize.com 127.0.0.1 gf.tools.avast.com There are 361 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3664622787-202345870-56879904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\w7ufw5eb3cuz.jpg DNS Servers: 192.168.2.1 - 142.166.166.166 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{6AD8A6B6-42B6-4CDB-98C4-A0860813C92F}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [TCP Query User{16603D24-4FFC-435D-BE8F-0CF59DCB3810}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{2E988399-13EA-4B26-AA40-369D2E67FAD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [UDP Query User{1F9C09DC-DC78-42E8-BB8A-B0B88C305679}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [TCP Query User{15722B42-B690
Recommended Posts