
Program Won't Open



Hi JaredNolan :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/


6 hours ago, Aura said:

Hi JaredNolan,

Are you still with me?


Yes I apologize I went away for Christmas but I'm here now!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
Ran by Jared (administrator) on JAREDS-PC (25-12-2017 17:47:06)
Running from C:\Users\Jared\Desktop
Loaded Profiles: Jared (Available Profiles: Jared)
Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegisterService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() D:\tunnelbear\TunnelBear.Maintenance.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) D:\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(juvlarN) C:\Users\Jared\Desktop\vibranceGUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegister.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
() C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-30] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [MSIRegister] => D:\MSIRegister\MSIRegister.exe [1258448 2016-11-09] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [vibranceGUI] => C:\Users\Jared\Desktop\vibranceGUI.exe [797184 2017-06-08] (juvlarN)
HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-09-08]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CAM.lnk [2017-10-03]
ShortcutTarget: CAM.lnk -> C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE AORUS GRAPHICS ENGINE.lnk [2017-09-08]
ShortcutTarget: GIGABYTE AORUS GRAPHICS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\autorun.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{c1579510-25d2-4d07-9375-1951d7a37481}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2017-09-09] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2017-09-09] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll [2017-09-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> D:\Java\bin\plugin2\npjp2.dll [2017-09-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default [2017-12-25]
CHR Extension: (Slides) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
CHR Extension: (Sheets) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
CHR Extension: (AdBlock) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
CHR Extension: (Chrome Media Router) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"DrToolKrl" => service could not be unlocked. <==== ATTENTION

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32464 2017-08-10] (Corsair Components, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-11-05] (EasyAntiCheat Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2406576 2017-03-29] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2010848 2016-11-17] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) [File not signed]
R2 MSIREGISTER_MR; D:\MSIRegister\MSIRegisterService.exe [132048 2016-10-07] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-11-14] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 TunnelBearMaintenance; D:\tunnelbear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-10] (Microsoft Corporation)
S2 dVyuxKTDYi1p Updater; C:\Program Files (x86)\dVyuxKTDYi1p Updater\dVyuxKTDYi1p Updater.exe [X]
S2 SwfkeW1apKPM Updater; C:\Program Files (x86)\SwfkeW1apKPM Updater\SwfkeW1apKPM Updater.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-12-25] (CPUID)
R5 DrToolKrl; C:\Windows\System32\Drivers\DrToolKrl.sys [62064 2017-12-20] () [File not signed]
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-03-29] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
R1 MpKsl3e42eeae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9C79173-B74C-40EB-8E52-9FFB4FDC62C0}\MpKsl3e42eeae.sys [58120 2017-12-21] (Microsoft Corporation)
R1 MpKslf5855aff; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6747C549-714B-4959-AEBB-9D7CEC029FF6}\MpKslf5855aff.sys [58120 2017-12-25] (Microsoft Corporation)
S3 NTIOLib_1_0_C; D:\MSI MOBO\NTIOLib_X64.sys [11888 2011-06-28] (MSI) [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [89440 2016-11-17] (Rivet Networks, LLC.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S1 thwseyva; C:\WINDOWS\system32\drivers\thwseyva.sys [72816 2017-12-25] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-10] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-10] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\CAM_V3.sys [14544 2017-12-22] (OpenLibSys.org)
R5 DrToolKrl;  <==== ATTENTION: Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 17:47 - 2017-12-25 17:47 - 000024484 _____ C:\Users\Jared\Desktop\FRST.txt
2017-12-25 17:46 - 2017-12-25 17:47 - 000000000 ____D C:\FRST
2017-12-25 17:46 - 2017-12-25 17:46 - 002392064 _____ (Farbar) C:\Users\Jared\Desktop\FRST64.exe
2017-12-25 17:45 - 2017-12-25 17:46 - 002392064 _____ (Farbar) C:\Users\Jared\Downloads\FRST64.exe
2017-12-25 17:32 - 2017-12-25 17:32 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\thwseyva.sys
2017-12-22 11:19 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-12-22 11:19 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-12-22 11:18 - 2017-12-22 11:18 - 032227328 _____ C:\Users\Jared\Downloads\EpicInstaller-7.0.0.msi
2017-12-22 10:11 - 2017-12-22 10:12 - 000003586 _____ C:\Users\Jared\Desktop\Rkill.txt
2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill (1).exe
2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Desktop\rkill (1).exe
2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Downloads\ESETPoweliksCleaner.exe
2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe
2017-12-22 10:11 - 2017-12-22 10:11 - 000000022 _____ C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe_20171222.101115.10272.zip
2017-12-22 10:06 - 2017-12-22 10:06 - 000982292 _____ C:\WINDOWS\Minidump\122217-6625-01.dmp
2017-12-22 10:06 - 2017-12-22 10:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-22 10:04 - 2017-12-22 10:06 - 1090003738 _____ C:\WINDOWS\MEMORY.DMP
2017-12-21 21:46 - 2017-12-21 21:46 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0 (1).zip
2017-12-21 21:45 - 2017-12-21 21:45 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-21 21:45 - 2017-12-21 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-21 21:45 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-21 21:44 - 2017-12-21 21:44 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (2).exe
2017-12-21 20:30 - 2017-12-21 20:30 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0 (1).exe
2017-12-21 20:29 - 2017-12-21 20:29 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0.exe
2017-12-21 19:05 - 2017-12-21 22:13 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-21 19:05 - 2017-12-21 21:28 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-21 19:05 - 2017-12-21 19:05 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-21 19:05 - 2017-12-21 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-21 19:04 - 2017-12-21 19:05 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-21 19:04 - 2017-12-21 19:04 - 036251728 _____ (Adlice Software ) C:\Users\Jared\Downloads\setup.exe
2017-12-21 18:47 - 2017-12-11 11:14 - 000000000 ____D C:\Users\Jared\Downloads\integrity_verification
2017-12-21 18:47 - 2017-12-11 11:06 - 000000000 ____D C:\Users\Jared\Downloads\tron
2017-12-21 18:46 - 2017-12-21 18:47 - 603933879 _____ (Igor Pavlov) C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).exe
2017-12-21 18:46 - 2017-12-21 18:46 - 000185196 _____ C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).torrent
2017-12-21 18:40 - 2017-12-21 20:32 - 000000000 ____D C:\AdwCleaner
2017-12-21 18:40 - 2017-12-21 18:40 - 008172032 _____ (Malwarebytes) C:\Users\Jared\Downloads\AdwCleaner.exe
2017-12-21 18:39 - 2017-12-21 18:39 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill.exe
2017-12-21 18:35 - 2017-12-21 18:35 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0.zip
2017-12-21 18:33 - 2017-12-21 18:33 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2017-12-21 18:33 - 2017-12-21 18:33 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-21 18:22 - 2017-12-21 21:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-21 18:22 - 2017-12-21 21:45 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-21 18:21 - 2017-12-21 18:22 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-21 07:08 - 2017-12-21 07:08 - 000016778 _____ C:\WINDOWS\System32\Tasks\iPubster
2017-12-20 21:08 - 2017-12-20 21:08 - 000016872 _____ C:\WINDOWS\System32\Tasks\EPSON Stylus CX5000 XE
2017-12-20 20:53 - 2017-12-20 20:53 - 000016876 _____ C:\WINDOWS\System32\Tasks\Jack Game Contacts Lease
2017-12-20 20:24 - 2017-12-20 20:24 - 000000000 _____ C:\autoexec.bat
2017-12-20 20:14 - 2017-12-20 20:14 - 000000000 ___HD C:\Users\Jared\MicrosoftEdgeBackups
2017-12-20 20:11 - 2017-12-22 10:06 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-20 19:45 - 2017-12-20 19:45 - 001129816 _____ (Google Inc.) C:\Users\Jared\Downloads\ChromeSetup (1).exe
2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ C:\ProgramData\TeamVieverService.dll
2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ C:\ProgramData\lock.dat
2017-12-20 19:41 - 2017-12-21 18:44 - 000000024 _____ C:\ProgramData\rwi.chad
2017-12-20 19:40 - 2017-12-22 10:06 - 007419393 _____ C:\WINDOWS\nvdia.exe
2017-12-20 19:40 - 2017-12-21 19:31 - 000000000 ____D C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050
2017-12-20 19:40 - 2017-12-21 07:10 - 000000000 ____D C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea
2017-12-20 19:40 - 2017-12-20 20:45 - 000000000 ____D C:\Users\Jared\AppData\Roaming\cc7c59c5aa2a4253a93829072f71de90
2017-12-20 19:40 - 2017-12-20 20:45 - 000000000 ____D C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636
2017-12-20 19:40 - 2017-12-20 20:03 - 000000000 ____D C:\Program Files (x86)\foldershare
2017-12-20 19:40 - 2017-12-20 19:46 - 000000000 ____D C:\ProgramData\6a5eb53d821247cc87df067b567c15d3
2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\Users\Jared\AppData\Local\f60daabad01942e0afb138f0b7cc7650
2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\ProgramData\de5f5c4699ea479f85bf44bc7cde3c3a
2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ C:\Users\Jared\AppData\Local\installer.dat
2017-12-20 19:40 - 2017-12-20 19:40 - 000062064 _____ C:\WINDOWS\system32\Drivers\DrToolKrl.sys
2017-12-20 19:40 - 2017-12-20 19:40 - 000016884 _____ C:\WINDOWS\System32\Tasks\Chronix MP3G-CE Extractor
2017-12-20 19:40 - 2017-12-20 19:40 - 000000000 ____D C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62
2017-12-20 17:58 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Jared\dawntained
2017-12-20 17:58 - 2017-12-20 17:58 - 000095290 _____ C:\Users\Jared\Downloads\dawntained.jar
2017-12-20 16:38 - 2017-12-21 18:46 - 000000000 ____D C:\Users\Jared\AppData\LocalLow\uTorrent
2017-12-18 21:29 - 2017-12-18 21:29 - 058982477 _____ C:\Users\Jared\Downloads\Days_Before_Rodeo-(DatPiff.com).zip
2017-12-17 21:57 - 2017-12-17 21:57 - 000000000 ____D C:\.zonica_cache_32
2017-12-17 21:56 - 2017-12-17 21:57 - 000000000 ____D C:\Users\Jared\.zonica_32
2017-12-17 21:56 - 2017-12-17 21:56 - 000195413 _____ C:\Users\Jared\Downloads\Zonica.jar
2017-12-17 21:36 - 2017-12-20 19:42 - 000000000 ____D C:\Users\Jared\AppData\Roaming\TS3Client
2017-12-17 21:35 - 2017-12-17 21:35 - 000000680 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-12-17 21:35 - 2017-12-17 21:35 - 000000630 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-12-17 21:34 - 2017-12-17 21:34 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\Jared\Downloads\TeamSpeak3-Client-win64-3.1.7.exe
2017-12-13 20:01 - 2017-12-03 17:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-13 20:01 - 2017-12-03 17:38 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 19:20 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 19:20 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 19:20 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 19:20 - 2017-12-07 18:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2017-12-13 19:20 - 2017-12-07 18:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 19:20 - 2017-12-07 18:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-13 19:20 - 2017-12-07 18:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-13 19:20 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 19:20 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 19:20 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 19:20 - 2017-12-07 18:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-13 19:20 - 2017-12-07 18:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-13 19:20 - 2017-12-07 18:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:20 - 2017-12-07 18:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 19:20 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 19:20 - 2017-12-07 18:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-13 19:20 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 19:20 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 19:20 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 19:20 - 2017-12-07 18:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-13 19:20 - 2017-12-07 18:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 19:20 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 19:20 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 19:20 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 19:20 - 2017-12-07 18:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-13 19:20 - 2017-12-07 18:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-13 19:20 - 2017-12-07 18:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-13 19:20 - 2017-12-07 18:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 19:20 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 19:20 - 2017-12-07 18:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-13 19:20 - 2017-12-07 18:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-13 19:20 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 19:20 - 2017-12-07 18:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-13 19:20 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 19:20 - 2017-12-07 18:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-12-13 19:20 - 2017-12-07 17:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-13 19:20 - 2017-12-07 17:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-13 19:20 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 19:20 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 19:20 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 19:20 - 2017-12-07 17:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-13 19:20 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 19:20 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 19:20 - 2017-12-07 17:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-13 19:20 - 2017-12-07 17:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 19:20 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 19:20 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 19:20 - 2017-12-07 17:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-13 19:20 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 19:20 - 2017-12-07 17:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-13 19:20 - 2017-12-07 17:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-13 19:20 - 2017-12-07 17:29 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KeyboardFilterShim.dll
2017-12-13 19:20 - 2017-12-07 17:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:20 - 2017-12-07 17:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 19:20 - 2017-12-07 17:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 19:20 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-13 19:20 - 2017-12-07 17:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2017-12-13 19:20 - 2017-12-07 17:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-12-13 19:20 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 19:20 - 2017-12-07 17:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 19:20 - 2017-12-07 17:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 19:20 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 19:20 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 19:20 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 19:20 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 19:20 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-12-13 19:20 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 19:20 - 2017-12-07 17:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 19:20 - 2017-12-07 17:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 19:20 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 19:20 - 2017-12-07 17:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 19:20 - 2017-12-07 17:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-13 19:20 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 19:20 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 19:20 - 2017-12-07 16:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 19:20 - 2017-12-07 16:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-13 19:20 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 19:20 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 19:20 - 2017-12-07 16:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-13 19:20 - 2017-12-07 16:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-12-13 19:20 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 19:20 - 2017-12-07 16:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-12-13 19:20 - 2017-11-26 15:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-13 19:20 - 2017-11-26 15:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-13 19:20 - 2017-11-26 15:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 19:20 - 2017-11-26 11:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 19:20 - 2017-11-26 08:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 19:20 - 2017-11-26 08:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 19:20 - 2017-11-26 08:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 19:20 - 2017-11-26 08:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-13 19:20 - 2017-11-26 08:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 19:20 - 2017-11-26 08:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 19:20 - 2017-11-26 08:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 19:20 - 2017-11-26 08:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 19:20 - 2017-11-26 08:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-13 19:20 - 2017-11-26 08:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-13 19:20 - 2017-11-26 08:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-13 19:20 - 2017-11-26 08:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-13 19:20 - 2017-11-26 08:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-13 19:20 - 2017-11-26 08:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-13 19:20 - 2017-11-26 08:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-13 19:20 - 2017-11-26 08:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 19:20 - 2017-11-26 08:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-13 19:20 - 2017-11-26 08:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 19:20 - 2017-11-26 08:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 19:20 - 2017-11-26 08:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 19:20 - 2017-11-26 08:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 19:20 - 2017-11-26 08:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 19:20 - 2017-11-26 08:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 19:20 - 2017-11-26 08:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 19:20 - 2017-11-26 08:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-13 19:20 - 2017-11-26 08:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 19:20 - 2017-11-26 08:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 19:20 - 2017-11-26 08:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 19:20 - 2017-11-26 08:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 19:20 - 2017-11-26 08:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-13 19:20 - 2017-11-26 08:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 19:20 - 2017-11-26 08:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 19:20 - 2017-11-26 08:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-13 19:20 - 2017-11-26 08:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 19:20 - 2017-11-26 08:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 19:20 - 2017-11-26 08:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-13 19:20 - 2017-11-26 08:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 19:20 - 2017-11-26 08:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 19:20 - 2017-11-26 08:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-12-13 19:20 - 2017-11-26 08:21 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000669592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-12-13 19:20 - 2017-11-26 08:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-13 19:20 - 2017-11-26 08:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-13 19:20 - 2017-11-26 07:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 19:20 - 2017-11-26 07:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 19:20 - 2017-11-26 07:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 19:20 - 2017-11-26 07:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 19:20 - 2017-11-26 07:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 19:20 - 2017-11-26 07:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 19:20 - 2017-11-26 07:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 19:20 - 2017-11-26 07:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 19:20 - 2017-11-26 07:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 19:20 - 2017-11-26 07:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 19:20 - 2017-11-26 07:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 19:20 - 2017-11-26 07:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-13 19:20 - 2017-11-26 07:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 19:20 - 2017-11-26 07:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 19:20 - 2017-11-26 07:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-13 19:20 - 2017-11-26 07:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 19:20 - 2017-11-26 07:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-13 19:20 - 2017-11-26 07:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 19:20 - 2017-11-26 07:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 19:20 - 2017-11-26 07:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 19:20 - 2017-11-26 07:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 19:20 - 2017-11-26 07:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 19:20 - 2017-11-26 07:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 19:20 - 2017-11-26 07:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-13 19:20 - 2017-11-26 07:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-13 19:20 - 2017-11-26 07:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 19:20 - 2017-11-26 07:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 19:20 - 2017-11-26 07:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 19:20 - 2017-11-26 07:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 19:20 - 2017-11-26 07:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 19:20 - 2017-11-26 07:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 19:20 - 2017-11-26 07:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 19:20 - 2017-11-26 07:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-13 19:20 - 2017-11-26 07:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 19:20 - 2017-11-26 07:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 19:20 - 2017-11-26 07:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 19:20 - 2017-11-26 07:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 19:20 - 2017-11-26 07:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 19:20 - 2017-11-26 07:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 19:20 - 2017-11-26 07:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 19:20 - 2017-11-26 07:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 19:20 - 2017-11-26 07:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 19:20 - 2017-11-26 06:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 19:20 - 2017-11-26 06:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-13 19:20 - 2017-11-26 06:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-13 19:20 - 2017-11-26 06:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 19:20 - 2017-11-26 06:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 19:20 - 2017-11-26 06:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 19:20 - 2017-11-26 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 19:20 - 2017-11-26 06:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-13 19:20 - 2017-11-26 06:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-13 19:20 - 2017-11-26 06:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-13 19:20 - 2017-11-26 06:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 19:20 - 2017-11-26 06:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-13 19:20 - 2017-11-26 06:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-13 19:20 - 2017-11-26 05:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 19:20 - 2017-11-26 05:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-13 19:20 - 2017-11-26 05:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-13 19:20 - 2017-11-26 05:57 - 001490840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-12-13 19:20 - 2017-11-26 05:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-13 19:20 - 2017-11-26 05:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-13 19:20 - 2017-11-26 05:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-13 19:20 - 2017-11-26 05:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-13 19:20 - 2017-11-26 05:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-13 19:20 - 2017-11-26 05:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 19:20 - 2017-11-26 05:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-13 19:20 - 2017-11-26 05:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-13 19:20 - 2017-11-26 05:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-13 19:20 - 2017-11-26 05:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-13 19:20 - 2017-11-26 05:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 19:20 - 2017-11-26 05:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-13 19:20 - 2017-11-26 05:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-13 19:20 - 2017-11-26 05:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-13 19:20 - 2017-11-26 05:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-13 19:20 - 2017-11-19 02:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 19:20 - 2017-11-18 21:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-11 17:03 - 2017-12-11 17:04 - 000000000 ____D C:\Users\Jared\Desktop\CSGO
2017-12-11 17:03 - 2017-12-11 17:03 - 000000000 ____D C:\Users\Jared\Desktop\Witcher Mods
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-02 18:45 - 2017-12-02 18:45 - 000000000 ____D C:\Program Files (x86)\Razer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 17:42 - 2017-09-08 19:55 - 000000000 ____D C:\Users\Jared\AppData\Local\CrashDumps
2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-25 17:32 - 2017-11-24 20:40 - 000003492 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-12-25 17:32 - 2017-11-07 21:06 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DA44643-B285-4279-864B-5A82909EE1D9}
2017-12-25 17:32 - 2017-11-07 21:06 - 000003330 _____ C:\WINDOWS\System32\Tasks\CAM
2017-12-25 17:32 - 2017-09-11 11:42 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-25 17:30 - 2017-09-10 15:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-12-25 17:29 - 2017-09-08 21:03 - 000000000 ____D C:\ProgramData\LogiShrd
2017-12-25 17:29 - 2017-09-08 20:15 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-12-22 10:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-22 10:10 - 2017-11-07 21:12 - 001445180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-22 10:06 - 2017-11-07 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-22 10:06 - 2017-11-07 21:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-22 10:06 - 2017-11-05 15:11 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-12-22 10:06 - 2017-09-08 20:09 - 000026192 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-12-22 10:04 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared
2017-12-22 09:29 - 2017-09-10 16:22 - 000007597 _____ C:\Users\Jared\AppData\Local\resmon.resmoncfg
2017-12-21 22:14 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-21 21:29 - 2017-10-28 10:44 - 000000000 ____D C:\Users\Jared\Downloads\ASSASSINS CREED ORIGINS-FULL UNLOCKED RePack
2017-12-21 21:27 - 2017-09-08 21:14 - 000000000 ____D C:\ProgramData\CLink4
2017-12-21 19:31 - 2017-10-07 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2017-12-21 19:31 - 2017-09-16 21:34 - 000000000 ____D C:\Users\Jared\AppData\Roaming\uTorrent
2017-12-21 19:31 - 2017-09-09 22:24 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2017-12-21 19:22 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-20 21:15 - 2017-09-08 20:19 - 000002340 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-20 20:12 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-20 19:45 - 2017-11-07 21:06 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-20 19:45 - 2017-11-07 21:06 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-20 19:40 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-12-20 16:38 - 2017-11-24 20:40 - 000000000 ___RD C:\Users\Jared\iCloudDrive
2017-12-19 08:17 - 2017-09-08 19:38 - 000000000 ____D C:\Users\Jared\AppData\Local\NVIDIA
2017-12-17 20:06 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-15 20:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 19:16 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-14 19:16 - 2017-09-21 12:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-13 20:01 - 2017-11-07 21:08 - 000000000 ___RD C:\Users\Jared\3D Objects
2017-12-13 20:01 - 2017-08-30 20:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 20:00 - 2017-11-07 21:02 - 000398592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 20:00 - 2017-09-29 09:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
2017-12-13 20:00 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-13 19:22 - 2017-09-09 13:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 19:21 - 2017-10-10 19:12 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 19:21 - 2017-09-09 13:22 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 19:20 - 2017-09-29 08:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-12-13 19:20 - 2017-09-29 08:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-12-13 19:20 - 2017-09-29 08:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-12-13 19:20 - 2017-09-29 08:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-12-13 17:35 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared\AppData\Local\Packages
2017-12-12 07:32 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\discord
2017-12-11 23:37 - 2017-11-17 18:52 - 000002229 _____ C:\Users\Jared\Desktop\Discord.lnk
2017-12-11 23:37 - 2017-11-17 18:52 - 000000000 ____D C:\Users\Jared\AppData\Local\Discord
2017-12-11 23:37 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-10 20:24 - 2017-10-26 15:32 - 000000000 ____D C:\Program Files\Epic Games
2017-12-08 20:03 - 2017-09-30 12:55 - 000000000 ____D C:\Users\Jared\AppData\Local\UnrealEngine
2017-12-08 17:37 - 2017-11-07 21:06 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3664622787-202345870-56879904-1001
2017-12-08 17:37 - 2017-08-30 20:16 - 000002359 _____ C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-08 17:37 - 2017-08-30 20:16 - 000000000 ___RD C:\Users\Jared\OneDrive
2017-12-04 15:20 - 2017-09-08 22:32 - 000000000 ____D C:\Users\Jared\Documents\The Witcher 3
2017-11-26 00:05 - 2017-11-05 14:58 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ () C:\ProgramData\lock.dat
2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ () C:\ProgramData\TeamVieverService.dll
2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ () C:\Users\Jared\AppData\Local\installer.dat
2017-09-10 16:22 - 2017-12-22 09:29 - 000007597 _____ () C:\Users\Jared\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-12-20 19:40 - 2017-12-20 19:40 - 000920448 _____ () C:\Users\Jared\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-12-20 19:39 - 2017-12-20 19:39 - 000024612 _____ (Valssaamontie 53) C:\Users\Jared\AppData\Local\Temp\capi.exe
2017-12-20 19:39 - 2017-12-20 19:39 - 000016384 _____ (noOrg) C:\Users\Jared\AppData\Local\Temp\cubesta.exe
2017-12-21 19:05 - 2017-10-24 23:37 - 001954048 _____ (Microsoft Corporation) C:\Users\Jared\AppData\Local\Temp\dllnt_dump.dll
2017-12-20 19:39 - 2017-12-20 19:39 - 003179374 _____ () C:\Users\Jared\AppData\Local\Temp\golm.exe
2017-12-20 19:39 - 2017-12-20 19:39 - 001792069 _____ () C:\Users\Jared\AppData\Local\Temp\pi.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\DrToolKrl.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-20 20:50

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Jared (25-12-2017 17:47:28)
Running from C:\Users\Jared\Desktop
Windows 10 Pro Version 1709 16299.125 (X64) (2017-11-08 02:08:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3664622787-202345870-56879904-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3664622787-202345870-56879904-503 - Limited - Disabled)
Guest (S-1-5-21-3664622787-202345870-56879904-501 - Limited - Disabled)
Jared (S-1-5-21-3664622787-202345870-56879904-1001 - Administrator - Enabled) => C:\Users\Jared
WDAGUtilityAccount (S-1-5-21-3664622787-202345870-56879904-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
AORUS GRAPHICS ENGINE (HKLM-x32\...\AORUS GRAPHICS ENGINE_is1) (Version: 1.1.6 - GIGABYTE Technology Co.,Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CAM (HKLM-x32\...\{021EB16F-B5EF-464E-A26C-814C01D82EEA}) (Version: 3.5.00 - NZXT)
Corsair LINK 4 (HKLM-x32\...\{6607b5db-38d5-4ba1-a511-ac95594634d8}) (Version: 4.8.2.1 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{857D412A-46B9-4666-B1EF-5EDDEB607840}) (Version: 4.8.2.1 - Corsair Components, Inc.) Hidden
CPUID CPU-Z 1.80.2 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.2 - )
Discord (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESEA Client (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Optane(TM) Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.5.0.1051 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Killer Performance Suite (HKLM\...\{2DD0A568-6091-4C7E-80AA-99F16109B369}) (Version: 1.0.864 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version:  - )
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.29.0 - Adlice Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2010 3.3) (HKLM\...\480519419545219A13536B66D4C46317E0882315) (Version: 07/14/2010 3.3 - Corsair Components, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00022913-FF6F-4B0E-BDFE-EAFA35676A82} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {1B873611-2C5E-4EDC-BE4C-1FD36CBCE6D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {23B58AFA-F1A3-4ADD-BDA5-D61F8E195750} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-08-10] (Corsair Components, Inc.)
Task: {3368FE03-30DD-444B-A0F4-6E0C62015E77} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {34FAA935-9B44-43FE-9A57-BC8A112070BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation)
Task: {404A1C2C-0E8F-4077-A1EA-F677937471EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {41D599CF-EF10-4EA6-B4D1-37C3ED37D4B3} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-10-03] ()
Task: {4694BD7A-C365-4AC7-97E9-1BB27B2A3C3A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {5A6CBEFC-76D8-467D-A095-E322FA57F8A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {5C06278B-4A38-401B-B305-8393FA5D3B48} - System32\Tasks\Jack Game Contacts Lease => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll",UjObmie <==== ATTENTION
Task: {67166B03-5958-44BD-98A2-FA9095C916D5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {6A6562E2-6DFE-49A7-BA46-5E119B49F6D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {769DE119-293F-48CB-813B-96BCBBCFE98F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {7A3A1427-E928-4491-958A-E3B6E5D16799} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {8469B714-1441-412F-9F6F-7040D44AE979} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe [2017-08-18] (GIGABYTE Technology Co.,Ltd.)
Task: {937132EF-93A6-4E52-BDC9-7FC4F0D13F33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.)
Task: {94D8230E-4FD2-4F52-B887-2CD2331A59D3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {98202221-583C-4EC2-8687-384A73502623} - System32\Tasks\iPubster => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\iPubster\iPubster.dll",OyULwQ <==== ATTENTION
Task: {9B5509B3-509C-448B-B698-DDF29485FC5A} - System32\Tasks\EPSON Stylus CX5000 XE => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll",GJxHRMHgPgp <==== ATTENTION
Task: {A86B4BFE-F018-4801-B008-1DDDC4A93A01} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-14] (Microsoft Corporation)
Task: {AB741E45-3B4F-411C-965A-C6ECAD8AE4DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {AE637923-2CF6-4939-88ED-D312E507AF8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.)
Task: {AEF2B5E0-705B-44F0-A9E6-96FC24CF97F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {B53677B8-DBC7-4C52-8E51-89D0BEFA52E3} - System32\Tasks\Chronix MP3G-CE Extractor => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Chronix MP3G.CE Extractor\Chronix MP3G.CE Extractor.dll",rQHOFWty
Task: {C0C16D6E-BE23-499B-9EBD-8F358ADCF69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {C19278E4-A985-488B-AC3A-B875260F1DCF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {C5481BBF-7BB5-49EF-B666-E66655094827} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {C8131C4B-FF95-4157-85CB-698E55EC9D13} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {D27ECD25-D8C9-44C4-A5DC-7D050218A36A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation)
Task: {D8C5B29D-772E-48C8-AC3B-81691E67B9FE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {DE8726EC-B6A9-432F-9669-18C0F37FB80E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {DF117107-8070-4AD5-B272-793D222E4F27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {EB3E9151-3E80-40AB-867F-75CBF8A1290E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {EF1728F6-0626-4A5F-AEE4-1A5DEE4FFDA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-20 20:53 - 2015-06-01 07:05 - 002464256 _____ () C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll
2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-09-08 19:38 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () D:\tunnelbear\TunnelBear.Maintenance.exe
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-11 11:42 - 2017-11-14 14:56 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-09-21 12:31 - 2017-12-14 19:15 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-13 19:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 19:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-08-18 04:01 - 2017-08-18 04:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-08-18 04:01 - 2017-08-18 04:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-08-18 03:41 - 2017-08-18 03:41 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2017-08-18 03:41 - 2017-08-18 03:41 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () D:\zlib1.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () D:\libxml2.dll
2017-12-20 19:46 - 2017-12-13 21:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2017-12-20 19:46 - 2017-12-13 21:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
2017-09-08 20:09 - 2017-01-14 20:10 - 000218032 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe
2017-10-03 21:51 - 2017-10-03 21:51 - 007864432 _____ () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
2017-09-12 12:09 - 2017-09-12 12:09 - 000188016 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe
2017-12-05 18:59 - 2017-12-05 18:59 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-08 19:38 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-08 19:38 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-12-08 17:37 - 2017-12-08 17:37 - 000102088 _____ () C:\Users\Jared\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-09-08 20:15 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-08 20:15 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-09-08 20:15 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-10-19 14:58 - 2017-12-25 17:29 - 000163840 _____ () C:\Users\Jared\AppData\Roaming\vibranceGUI\vibranceDLL.dll
2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-13 19:51 - 2017-07-13 19:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-08 20:09 - 2017-01-12 17:15 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\ycc.DLL
2017-09-08 20:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-08 20:16 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-09-08 20:15 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-08-31 13:48 - 2017-08-31 13:48 - 000282112 _____ () C:\Program Files (x86)\NZXT\CAM\GSyncLib.dll
2017-09-08 21:30 - 2017-12-25 17:32 - 000308736 _____ () C:\Program Files (x86)\NZXT\CAM\NVAPIHelper.dll
2017-09-06 14:05 - 2017-09-06 14:05 - 000070656 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\KeyHookDLL_x86.dll
2017-12-11 23:37 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 07:32 - 2017-12-12 07:32 - 001886712 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 07:32 - 2017-12-12 07:32 - 001773560 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-11 23:37 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-11 23:37 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-12 07:32 - 2017-12-12 07:32 - 009802232 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 07:32 - 2017-12-12 07:32 - 001505784 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 07:32 - 2017-12-12 07:32 - 000513016 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 07:32 - 2017-12-12 07:32 - 002662904 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 07:32 - 2017-12-12 07:32 - 001517048 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 07:32 - 2017-12-12 07:32 - 002749944 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\thwseyva.sys:changelist [918]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2017-12-20 21:11 - 000013622 _____ C:\WINDOWS\system32\Drivers\etc\hosts

There are 361 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3664622787-202345870-56879904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\w7ufw5eb3cuz.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6AD8A6B6-42B6-4CDB-98C4-A0860813C92F}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{16603D24-4FFC-435D-BE8F-0CF59DCB3810}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{2E988399-13EA-4B26-AA40-369D2E67FAD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{1F9C09DC-DC78-42E8-BB8A-B0B88C305679}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{15722B42-B690-46BA-8276-C7F7988A0D2F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{3F75556A-628B-4E80-A56B-0F94AD29A3AA}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{CC714624-5093-4AA1-94C7-F80CB680CFF0}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{79B3413C-01A2-40DA-857C-3B57F87AEA70}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{BE8CAF66-CAF5-4014-9B98-E15BB25EDB79}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{6AAF6D99-D01C-4925-8EC6-5A1ED9F40887}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{0ECA6D84-E3AA-494A-9711-EC49195E0AF6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{98BBB5DE-AE16-4EF1-BFDA-D0623BF1543A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{9DC70EB6-DC6F-480D-BEB9-E8C4FECEFF36}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{4A104148-BAEB-4B86-8307-3ECC11D15CEE}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{08C61A05-0241-4CB0-B35B-6C834CD8DB03}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{97447B31-69F7-4681-87FE-C81B9D162A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe
FirewallRules: [{C3056B4A-02A5-45FB-BDA4-37B286ECAEB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe
FirewallRules: [{32207B8D-E4CE-4110-AD03-DB6EF7AFC725}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{F78EAF6F-C672-4E3E-980F-486D94C3743F}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{B3255CE9-A583-4502-B8A3-A33F100B0EA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EB403D97-2D30-4B92-ACB1-CCF64B1FA8F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2333B732-163C-419E-B859-EDFC0856DA24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A7356D4A-462E-4785-A587-603095855201}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AFD26F73-F1A7-4A72-B3C6-15F106829C17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1364CAEA-CF6A-4960-A45A-702899980CE7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1D11E886-5067-4749-B451-BF9C7FA38ED2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6CCC7268-8F8E-4BEB-9AA8-4449E01F6B65}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1204D603-9107-48FC-B8A8-9DBCE56ACD1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7CB9BE80-CBF4-440F-8E32-7602BE299D9E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{29F7EBB1-0EFB-45A0-995F-58319EA5980E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{233E32A2-6493-4A73-9EFA-A66B07413EE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F04A6C02-B3D8-4CD6-B6A0-D730C4E7E0E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5105E693-BC5A-4722-BCAF-9B91840E37F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F42BE6D-06F8-4A98-B30E-CBE7DDA9CA16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F316B13-0EE9-4515-8C8B-2BD036A2AC00}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C6CB56EC-BDFC-43B3-92F8-6DC3BB59AD7A}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DF9818AC-D700-4856-A460-556F1BE5E655}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A62263AA-6977-4AB7-8B5B-4C4585667046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2F3BAA9B-31C1-4701-837D-71663C4D859E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2B26CE4B-BD88-43AE-8105-1776C8774408}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D760608C-0D70-411E-A635-34BD2C1EA8E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{28A09357-86E1-4493-A723-691A33D6EC21}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe
FirewallRules: [UDP Query User{E3D72C53-1F89-4FDA-8BA6-FBC429DBFD2B}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe
FirewallRules: [{5587831F-79F3-43F8-B786-D90A9584B508}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{740AEE29-EE44-4E8B-8CEE-5B2A3AED6402}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9540B722-83BE-4400-A188-99C070E966DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BA8F7934-7661-4FAE-A5EF-980484159227}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{10DC75AE-5E37-4D56-930C-0E97E2FE9249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EEEA6290-F22F-4604-82EF-478AC2B01B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{66182FDD-45E5-4C7C-B7E7-0A78754D6285}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{4312BE95-5C74-4F30-937C-5FE9EC084721}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{78D9C1C6-7436-417C-924A-2460CF6E471B}] => (Allow) LPort=9143
FirewallRules: [{7DDDA7E0-F00F-4E1D-9376-9C94A12C5EBB}] => (Allow) LPort=2333
FirewallRules: [{0F8BC471-74CF-4000-AC3C-A670033FBC21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{65649B17-3007-45EC-9908-CAF317E61840}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{46A68C26-80D5-4016-85F2-F729A199AC35}] => (Allow) D:\iTunes.exe
FirewallRules: [{04683E3C-0EA3-4C85-80BA-F0A58A2FFEAA}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{BD51FDF0-0390-4E68-BF27-4895AE956656}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{8D037296-80EC-4091-B130-3DE36B9F09F6}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{D3687704-2F1B-483A-9D8A-415DBA9B491A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CA4B22A9-7278-4B8B-A7DA-724F6F31208B}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B1F5F306-CECE-4DC0-BA27-971E3D5F03FF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B3D3C48C-A439-4BCF-8B7A-F287C3E42C9C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{D7A82F5C-B8C4-4904-9828-55AA6D011144}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{68E9FA2E-5FA8-46F2-A93D-D44BA91157E1}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe
FirewallRules: [UDP Query User{A1AF2845-1969-496D-B63A-E9EEA9A944AF}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe

==================== Restore Points =========================

22-12-2017 11:19:29 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2017 05:42:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x2230
Faulting application start time: 0x01d37dd1b24ce473
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 14a2089c-4844-47a5-abf7-cfe1f3c40666
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/25/2017 05:32:17 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (12/25/2017 05:31:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/25/2017 05:30:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/25/2017 05:30:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/25/2017 05:30:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/25/2017 05:29:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (12/22/2017 10:12:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x6b4
Faulting application start time: 0x01d37b3741c215cc
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 2e6bfd21-ed28-49ca-b381-2442bff4e2b4
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/22/2017 10:07:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/22/2017 10:07:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (12/25/2017 05:29:47 PM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2017 05:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/22/2017 11:21:19 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/22/2017 10:06:12 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/22/2017 10:06:10 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8038e0896c1, 0xffffee81a11962d8, 0xffffee81a1195b20). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 75b86667-1d87-4485-8599-2c5c44589298.

Error: (12/22/2017 10:06:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/22/2017 10:06:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-12-25 17:44:29.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:44:29.321
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:44:27.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:44:27.350
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:33:06.720
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:33:06.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:32:50.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:32:50.078
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:32:40.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-25 17:32:40.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 26%
Total physical RAM: 16341.87 MB
Available physical RAM: 11953.8 MB
Total Virtual: 18773.87 MB
Available Virtual: 13809.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.5 GB) (Free:30.43 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:726.13 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

 


Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after. 


Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.12.26.03
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.125.16299.0
Jared :: JAREDS-PC [administrator]

12/26/17 11:07:53 AM
mbar-log-2017-12-26 (11-07-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 214220
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 93
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [76b5d658f4b6db5bf1d9812bdd24c13f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [5ecdfc32abff6dc944b64f61f60b36ca]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30fbfa34505a1224f32d3d701ae729d7]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ed3e4ae4acfef73fefa04f5f7988d42c]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [aa81240ac3e757dfb49bc0ee22dfe31d]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c368b27cb1f937ff15f4713ec63b08f8]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a883ad81723893a39c3919974db452ae]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4ddee24cc5e5cc6aa97a0ba5c53c52ae]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d655909ebeec4aecc4712b8128d91be5]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a68580aef1b9c96d0ab905a99a67d42c]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [49e28da1aa0072c4b397d0e0f110ac54]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1e0daa84abfff640b4a7cce435cc58a8]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [da5132fc6446c76fd4f5179518e9f40c]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7caf86a89b0f65d122ffc8e8c33ea957]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a982d7577139082e0389f2bd8a7703fd]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [52d9121cb4f655e191e41f8e0bf609f7]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [290283abebbf75c1ba330aa4837e6b95]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ec3faf7f74361e189f10cce3bf42f10f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [75b6e04eeebc3afc077c0ca358a9629e]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [bf6c012ddcce90a61e700da1e51c0df3]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0a21b777139788ae4ee74e630ef3cc34]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4be0ce60466451e5fda70ba348b9748c]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4cdf34fa2387fc3a6a725f4f956ca858]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8d9e3af4eebc62d4308103adba472dd3]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a58616188b1fda5cdcaff1bf4ab79b65]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [44e79b9307a3f83e6be3f4ba7091c53b]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [57d47eb04a604aec7a34f7b8d22f1ee2]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9f8c46e85258ca6cb3854f60b64b39c7]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [04270925a208aa8c6957248c60a1d729]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [230853dbbcee989e0732119ed32e7a86]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2902d856fdad95a16117ae02c53c1be5]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8c9f78b606a4ea4c76d5e5ca2ad754ac]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2803ba7425852f07b7c2327e818040c0]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0427d35bb2f875c190445d534eb3fb05]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [89a2b777bceeb581f71d3f7206fb45bb]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [34f7a6884664f73f4c3ff2bd43be4cb4]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [200b0826901ad36300c6bff04fb2c937]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d556da54cfdbdf5724c390209170916f]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7dae6ac4604abe781d441d919e633cc4]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [49e231fdc1e9fe3875aa288640c104fc]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9e8d7fafaefc4bebc05e1398c73a5da3]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [121966c874367cba12acaffe778aac54]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8aa1e14d95150a2c21ce28871ae79070]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f03bca64d5d5be784bd7cce4ef1217e9]
HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [3bf04ce2e4c6280e7937713e31d060a0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1d0e1a1458522b0b5377416bd13016ea]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [46e5f13dc0ea270fa357288858a9af51]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2dfe3af4ecbeaf87eb35c7e68e73c739]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [cf5c4fdf01a94fe7fe918529d62b1fe1]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [2308cf5fa307e74fec638e20e51c6799]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [55d63bf32585c76f09004b6458a98878]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e4473fefb1f94de910c5d6dabc45e917]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [e04b2806109ae056df440aa6867b6799]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c2693fef8a20072f5dd89814c63bdd23]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [6bc0d856b7f3de58a221ac0251b03ac6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f2399896d5d5092da7a3c8e85da4f709]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [32f91717238793a32d2e40706b96c040]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d15a6bc3b2f83105ab1ecae28180936d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [1a11d7575e4c072fd05110a025dc21df]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c06bdd51664478be7a12a40b9d64639d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c06b5fcf7e2ca78f90e5525bef12f30d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ce5d121cf6b455e15994515dfd04ae52]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ca61a589f8b2ac8a3f70a80709f88977]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [30fbc569eebce35396ede5caf40d7e82]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7bb0a48a5c4e67cf99f5edc157aa39c7]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fb306ac45e4cf6401124ad0405fcbd43]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [be6d99957e2ccb6b792be8c6ac556799]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [66c588a6a00a8aac9f3decc232cf6b95]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [49e267c74d5da591b2ffbcf4ad54956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [fd2ea48a65452f07800ba70907fa50b0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ab806bc32d7df93d3915c1ed9d64ea16]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d754bd71e5c51b1bebc3c1eea35e07f9]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [82a97ab49a1087af5fd907a8c73a2dd3]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9596ba744e5cdb5b526e10a027da33cd]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ed3e88a64763dc5a4beea609ab5614ec]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [81aa88a6901ac3733f39e4cca35e5ba5]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a28969c509a10d297bd06748c0413ec2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7fac40ee04a65fd7ea8fd4dcd42d10f0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a28982ac83272511c70d7e3210f117e9]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [28039e908426f5416ca8baf7669b827e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [0a211b13b2f81f17503ba00f857c58a8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [9299cf5fa20896a0c105b6f959a83ec2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b378ca642d7dd16527c04b6504fde21e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c3689698f5b5bf772d34f4ba6f9251af]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [df4cce60a109191d57c8cfdf60a1e818]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f833fe303773e056948a901b06fb7e82]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [45e6bc72b9f184b2c9f5dad3e21f3ac6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [929970be5b4ff145955a6748936ec040]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [7bb062cc2e7cfb3bb969911fd52c6b95]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c665949a7634d660ad03baf5639ea35d]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DrToolKrl (Rootkit.WeaponX) -> Delete on reboot. [210acc62bbef4aecfaf1577d7091d927]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DVYUXKTDYI1P UPDATER (Adware.DNSUnlocker.Generic) -> Delete on reboot. [969559d512981f176dcfb0afaa56c53b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SWFKEW1APKPM UPDATER (Adware.DNSUnlocker.Generic) -> Delete on reboot. [eb400c221298da5c7bc1332cc8389e62]

Registry Values Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dVyuxKTDYi1p Updater|ImagePath (Adware.DNSUnlocker.Generic) -> Data: C:\Program Files (x86)\dVyuxKTDYi1p Updater\dVyuxKTDYi1p Updater.exe -> Delete on reboot. [969559d512981f176dcfb0afaa56c53b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SwfkeW1apKPM Updater|ImagePath (Adware.DNSUnlocker.Generic) -> Data: C:\Program Files (x86)\SwfkeW1apKPM Updater\SwfkeW1apKPM Updater.exe -> Delete on reboot. [eb400c221298da5c7bc1332cc8389e62]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9]
C:\ProgramData\6a5eb53d821247cc87df067b567c15d3 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080]
C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5]
C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a]
C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818]
C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7]

Files Detected: 33
C:\WINDOWS\SYSTEM32\drivers\DrToolKrl.sys (Rootkit.WeaponX) -> Delete on reboot. [3608fce69e5e1edbcef60ab0effe2c92]
C:\Program Files (x86)\foldershare\uninstaller.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [909bfd31e1c985b13f2289f5c041dd23]
C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll (Trojan.Wdfload.TskLnk) -> Delete on reboot. [ce5d49e51d8d61d5d0c5496b06faa957]
C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll (Trojan.Wdfload.TskLnk) -> Delete on reboot. [f536200ec4e6ca6cff962b89e71954ac]
C:\Users\Jared\AppData\Local\Temp\CSMEE05.tmp (Adware.PremierOpinion) -> Delete on reboot. [280384aae3c746f05779387b817fd927]
C:\Users\Jared\AppData\Local\Temp\iaqjthry.lql\data.exe (Adware.FastDataX) -> Delete on reboot. [45e640eea802d363b69ae21fdf24ed13]
C:\Users\Jared\AppData\Local\Temp\buqs1b4y.hw2\setup.exe (Adware.DNSUnlocker.Generic) -> Delete on reboot. [8e9d0a247c2e6dc9c98df0ce3ec3ae52]
C:\Users\Jared\AppData\Local\Temp\pwdim3z1.og3\setup.exe (Adware.DNSUnlocker.Generic) -> Delete on reboot. [56d5b7775f4b69cdc492ecd28879fb05]
C:\Users\Jared\AppData\Local\Temp\5xeonz4k.h3s\data.exe (Adware.FastDataX) -> Delete on reboot. [f536fb33802a70c677d946bbfd06837d]
C:\Users\Jared\AppData\Local\Temp\a2shzss5.v25\data.exe (Adware.FastDataX) -> Delete on reboot. [cd5e72bcb3f78fa7da7604fd32d1fd03]
C:\Users\Jared\AppData\Local\Temp\jnswsmsi.jv0\data.exe (Adware.FastDataX) -> Delete on reboot. [69c26ac47535e35328287889b84b7987]
C:\Users\Jared\AppData\Local\Temp\is-6PFHL.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [7cafd05ef7b3d26424ccd6e58977718f]
C:\Users\Jared\AppData\Local\Temp\is-EE5FT.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [a18a7faf2c7e64d2e709308bb74922de]
C:\Users\Jared\AppData\Local\Temp\is-HLVB6.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [082335f93179d165ee020dae07f96799]
C:\Users\Jared\AppData\Local\Temp\is-NNCIU.tmp\ksjh.dll (Adware.Adposhel) -> Delete on reboot. [fe2dd8566a40d264da169c1f01ff21df]
C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9]
C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea\QRLVCHCTYG.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9]
C:\Users\Jared\AppData\Roaming\8614d1d1a79745518682f3950205d8ea\QRLVCHCTYG.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c269022c515984b2fcc52e904bb617e9]
C:\ProgramData\6a5eb53d821247cc87df067b567c15d3\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080]
C:\ProgramData\6a5eb53d821247cc87df067b567c15d3\TMCILZUEKL.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080]
C:\ProgramData\6a5eb53d821247cc87df067b567c15d3\TMCILZUEKL.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [7ab10e200e9c4aecdee309b580818080]
C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5]
C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050\DWAYUKPXKE.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5]
C:\ProgramData\a360b3d8c7bc4907a2081c9e5f034050\DWAYUKPXKE.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c9621c121793270f4b764e70b8494bb5]
C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a]
C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533\ZHABZMXIPA.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a]
C:\Users\Jared\AppData\Local\Temp\578eca72b4b04dac8247805adc59e533\ZHABZMXIPA.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [c16ac46a6644e353f3b32c93ea17d62a]
C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818]
C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62\DPUNCDMWQM.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818]
C:\Users\Jared\AppData\Local\29cf1b074a8448a6a2546dbd0a92be62\DPUNCDMWQM.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [bc6f002edad0270f9616fdc807fae818]
C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7]
C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636\VFKZTIAWJM.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7]
C:\Users\Jared\AppData\Local\6e846b4bc3f64683ad9e2a4e19907636\VFKZTIAWJM.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [85a62ffff1b9f541cae2a91ccf3219e7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Awesome! MBAR got rid of the main infection. Now let's see if Malwarebytes detects anything else.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


1 hour ago, Aura said:

Awesome! MBAR got rid of the main infection. Now let's see if Malwarebytes detects anything else.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

 

The Program still will not open


2 hours ago, Aura said:

Can you run a new scan with FRST and provide me a fresh set of logs? Seems like the main infection (CertLock) came back, despite MBAR removing it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Jared (administrator) on JAREDS-PC (26-12-2017 18:26:52)
Running from C:\Users\Jared\Desktop
Loaded Profiles: Jared (Available Profiles: Jared)
Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegisterService.exe
() D:\tunnelbear\TunnelBear.Maintenance.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Apple Inc.) D:\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(juvlarN) C:\Users\Jared\Desktop\vibranceGUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(Micro-Star INT'L CO., LTD.) D:\MSIRegister\MSIRegister.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe
() C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
() C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe
() C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\Jared\AppData\Local\Discord\app-0.0.299\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-30] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [MSIRegister] => D:\MSIRegister\MSIRegister.exe [1258448 2016-11-09] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [vibranceGUI] => C:\Users\Jared\Desktop\vibranceGUI.exe [797184 2017-06-08] (juvlarN)
HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-09-08]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CAM.lnk [2017-10-03]
ShortcutTarget: CAM.lnk -> C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE AORUS GRAPHICS ENGINE.lnk [2017-09-08]
ShortcutTarget: GIGABYTE AORUS GRAPHICS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\autorun.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{c1579510-25d2-4d07-9375-1951d7a37481}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2017-09-09] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2017-09-09] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll [2017-09-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> D:\Java\bin\plugin2\npjp2.dll [2017-09-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default [2017-12-26]
CHR Extension: (Slides) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
CHR Extension: (Sheets) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
CHR Extension: (AdBlock) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
CHR Extension: (Chrome Media Router) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32464 2017-08-10] (Corsair Components, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-11-05] (EasyAntiCheat Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2406576 2017-03-29] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2010848 2016-11-17] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
R2 MSIREGISTER_MR; D:\MSIRegister\MSIRegisterService.exe [132048 2016-10-07] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-11-14] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 TunnelBearMaintenance; D:\tunnelbear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 7164E3D9; C:\WINDOWS\System32\drivers\7164E3D9.sys [255928 2017-12-26] (Malwarebytes)
R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-12-26] (CPUID)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-03-29] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
R1 MpKsl3e42eeae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9C79173-B74C-40EB-8E52-9FFB4FDC62C0}\MpKsl3e42eeae.sys [58120 2017-12-21] (Microsoft Corporation)
R1 MpKslabe42c3a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8661E67-F3A9-491B-83A4-C80544449069}\MpKslabe42c3a.sys [58120 2017-12-26] (Microsoft Corporation)
S3 NTIOLib_1_0_C; D:\MSI MOBO\NTIOLib_X64.sys [11888 2011-06-28] (MSI) [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [89440 2016-11-17] (Rivet Networks, LLC.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-10] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-10] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\CAM_V3.sys [14544 2017-12-26] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 18:12 - 2017-12-26 18:12 - 000000000 ____D C:\Users\Jared\Desktop\FRST-OlderVersion
2017-12-26 13:26 - 2017-12-26 13:26 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (3).exe
2017-12-26 11:13 - 2017-12-26 11:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-26 11:07 - 2017-12-26 11:14 - 000000000 ____D C:\Users\Jared\Desktop\mbar
2017-12-26 11:07 - 2017-12-26 11:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-26 11:07 - 2017-12-26 11:07 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7164E3D9.sys
2017-12-26 11:06 - 2017-12-26 11:06 - 014161479 _____ C:\Users\Jared\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-26 11:06 - 2017-12-26 11:06 - 014161479 _____ C:\Users\Jared\Desktop\mbar-1.10.3.1001-nr.exe
2017-12-26 09:51 - 2017-12-26 09:52 - 163281102 _____ C:\Users\Jared\Downloads\bh demos.zip
2017-12-26 09:49 - 2017-12-26 09:49 - 103346862 _____ C:\Users\Jared\Downloads\BROCKHAMPTON - Saturation [iTunes].zip
2017-12-25 21:29 - 2017-12-25 21:29 - 000906752 _____ C:\WINDOWS\schose.exe
2017-12-25 17:51 - 2017-12-25 17:51 - 000000000 ____D C:\Users\Jared\AppData\Local\GIGABYTE
2017-12-25 17:47 - 2017-12-26 18:27 - 000024208 _____ C:\Users\Jared\Desktop\FRST.txt
2017-12-25 17:47 - 2017-12-25 17:47 - 000055423 _____ C:\Users\Jared\Desktop\Addition.txt
2017-12-25 17:46 - 2017-12-26 18:26 - 000000000 ____D C:\FRST
2017-12-25 17:46 - 2017-12-26 18:12 - 002391552 _____ (Farbar) C:\Users\Jared\Desktop\FRST64.exe
2017-12-25 17:45 - 2017-12-25 17:46 - 002392064 _____ (Farbar) C:\Users\Jared\Downloads\FRST64.exe
2017-12-22 11:19 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-12-22 11:19 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-12-22 11:18 - 2017-12-22 11:18 - 032227328 _____ C:\Users\Jared\Downloads\EpicInstaller-7.0.0.msi
2017-12-22 10:11 - 2017-12-22 10:12 - 000003586 _____ C:\Users\Jared\Desktop\Rkill.txt
2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill (1).exe
2017-12-22 10:11 - 2017-12-22 10:11 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Desktop\rkill (1).exe
2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Downloads\ESETPoweliksCleaner.exe
2017-12-22 10:11 - 2017-12-22 10:11 - 000549504 _____ (ESET) C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe
2017-12-22 10:11 - 2017-12-22 10:11 - 000000022 _____ C:\Users\Jared\Desktop\ESETPoweliksCleaner.exe_20171222.101115.10272.zip
2017-12-21 21:46 - 2017-12-21 21:46 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0 (1).zip
2017-12-21 21:44 - 2017-12-21 21:44 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (2).exe
2017-12-21 20:30 - 2017-12-21 20:30 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0 (1).exe
2017-12-21 20:29 - 2017-12-21 20:29 - 008198432 _____ (Malwarebytes) C:\Users\Jared\Downloads\adwcleaner_7.0.6.0.exe
2017-12-21 19:05 - 2017-12-21 22:13 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-21 19:05 - 2017-12-21 21:28 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-21 19:05 - 2017-12-21 19:05 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-21 19:05 - 2017-12-21 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-21 19:04 - 2017-12-21 19:05 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-21 19:04 - 2017-12-21 19:04 - 036251728 _____ (Adlice Software ) C:\Users\Jared\Downloads\setup.exe
2017-12-21 18:47 - 2017-12-11 11:14 - 000000000 ____D C:\Users\Jared\Downloads\integrity_verification
2017-12-21 18:47 - 2017-12-11 11:06 - 000000000 ____D C:\Users\Jared\Downloads\tron
2017-12-21 18:46 - 2017-12-21 18:47 - 603933879 _____ (Igor Pavlov) C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).exe
2017-12-21 18:46 - 2017-12-21 18:46 - 000185196 _____ C:\Users\Jared\Downloads\Tron v10.4.2 (2017-12-11).torrent
2017-12-21 18:40 - 2017-12-21 20:32 - 000000000 ____D C:\AdwCleaner
2017-12-21 18:40 - 2017-12-21 18:40 - 008172032 _____ (Malwarebytes) C:\Users\Jared\Downloads\AdwCleaner.exe
2017-12-21 18:39 - 2017-12-21 18:39 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill.exe
2017-12-21 18:35 - 2017-12-21 18:35 - 006705178 _____ C:\Users\Jared\Downloads\mbam-chameleon-3.1.33.0.zip
2017-12-21 18:33 - 2017-12-21 18:33 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2017-12-21 18:33 - 2017-12-21 18:33 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-21 18:22 - 2017-12-26 13:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-21 18:22 - 2017-12-26 13:26 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-21 18:21 - 2017-12-21 18:22 - 083316440 _____ (Malwarebytes ) C:\Users\Jared\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-20 21:08 - 2017-12-20 21:08 - 000016872 _____ C:\WINDOWS\System32\Tasks\EPSON Stylus CX5000 XE
2017-12-20 20:53 - 2017-12-20 20:53 - 000016876 _____ C:\WINDOWS\System32\Tasks\Jack Game Contacts Lease
2017-12-20 20:24 - 2017-12-20 20:24 - 000000000 _____ C:\autoexec.bat
2017-12-20 20:14 - 2017-12-20 20:14 - 000000000 ___HD C:\Users\Jared\MicrosoftEdgeBackups
2017-12-20 20:11 - 2017-12-26 09:07 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-20 19:45 - 2017-12-20 19:45 - 001129816 _____ (Google Inc.) C:\Users\Jared\Downloads\ChromeSetup (1).exe
2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ C:\ProgramData\TeamVieverService.dll
2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ C:\ProgramData\lock.dat
2017-12-20 19:41 - 2017-12-21 18:44 - 000000024 _____ C:\ProgramData\rwi.chad
2017-12-20 19:40 - 2017-12-26 11:12 - 000000000 ____D C:\Program Files (x86)\foldershare
2017-12-20 19:40 - 2017-12-25 18:17 - 007419393 _____ C:\WINDOWS\nvdia.exe
2017-12-20 19:40 - 2017-12-20 20:45 - 000000000 ____D C:\Users\Jared\AppData\Roaming\cc7c59c5aa2a4253a93829072f71de90
2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\Users\Jared\AppData\Local\f60daabad01942e0afb138f0b7cc7650
2017-12-20 19:40 - 2017-12-20 19:41 - 000000000 ____D C:\ProgramData\de5f5c4699ea479f85bf44bc7cde3c3a
2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ C:\Users\Jared\AppData\Local\installer.dat
2017-12-20 17:58 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Jared\dawntained
2017-12-20 17:58 - 2017-12-20 17:58 - 000095290 _____ C:\Users\Jared\Downloads\dawntained.jar
2017-12-20 16:38 - 2017-12-26 09:40 - 000000000 ____D C:\Users\Jared\AppData\LocalLow\uTorrent
2017-12-18 21:29 - 2017-12-18 21:29 - 058982477 _____ C:\Users\Jared\Downloads\Days_Before_Rodeo-(DatPiff.com).zip
2017-12-17 21:57 - 2017-12-17 21:57 - 000000000 ____D C:\.zonica_cache_32
2017-12-17 21:56 - 2017-12-17 21:57 - 000000000 ____D C:\Users\Jared\.zonica_32
2017-12-17 21:56 - 2017-12-17 21:56 - 000195413 _____ C:\Users\Jared\Downloads\Zonica.jar
2017-12-17 21:36 - 2017-12-20 19:42 - 000000000 ____D C:\Users\Jared\AppData\Roaming\TS3Client
2017-12-17 21:35 - 2017-12-17 21:35 - 000000680 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-12-17 21:35 - 2017-12-17 21:35 - 000000630 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-12-17 21:34 - 2017-12-17 21:34 - 078077208 _____ (TeamSpeak Systems GmbH) C:\Users\Jared\Downloads\TeamSpeak3-Client-win64-3.1.7.exe
2017-12-13 20:01 - 2017-12-03 17:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-13 20:01 - 2017-12-03 17:38 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 19:20 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 19:20 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 19:20 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 19:20 - 2017-12-07 18:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2017-12-13 19:20 - 2017-12-07 18:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 19:20 - 2017-12-07 18:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-13 19:20 - 2017-12-07 18:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-13 19:20 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 19:20 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 19:20 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 19:20 - 2017-12-07 18:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-13 19:20 - 2017-12-07 18:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-13 19:20 - 2017-12-07 18:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:20 - 2017-12-07 18:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 19:20 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 19:20 - 2017-12-07 18:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-13 19:20 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 19:20 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 19:20 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 19:20 - 2017-12-07 18:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-13 19:20 - 2017-12-07 18:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 19:20 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 19:20 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 19:20 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 19:20 - 2017-12-07 18:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-13 19:20 - 2017-12-07 18:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-13 19:20 - 2017-12-07 18:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-13 19:20 - 2017-12-07 18:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 19:20 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 19:20 - 2017-12-07 18:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-13 19:20 - 2017-12-07 18:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-13 19:20 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 19:20 - 2017-12-07 18:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-13 19:20 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 19:20 - 2017-12-07 18:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-12-13 19:20 - 2017-12-07 17:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-12-13 19:20 - 2017-12-07 17:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-12-13 19:20 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 19:20 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 19:20 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 19:20 - 2017-12-07 17:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-12-13 19:20 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 19:20 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 19:20 - 2017-12-07 17:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-12-13 19:20 - 2017-12-07 17:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 19:20 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 19:20 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 19:20 - 2017-12-07 17:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-12-13 19:20 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 19:20 - 2017-12-07 17:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-12-13 19:20 - 2017-12-07 17:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-12-13 19:20 - 2017-12-07 17:29 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KeyboardFilterShim.dll
2017-12-13 19:20 - 2017-12-07 17:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 19:20 - 2017-12-07 17:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 19:20 - 2017-12-07 17:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 19:20 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-13 19:20 - 2017-12-07 17:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2017-12-13 19:20 - 2017-12-07 17:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-12-13 19:20 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 19:20 - 2017-12-07 17:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 19:20 - 2017-12-07 17:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 19:20 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 19:20 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 19:20 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 19:20 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 19:20 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 19:20 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 19:20 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-12-13 19:20 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 19:20 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 19:20 - 2017-12-07 17:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 19:20 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 19:20 - 2017-12-07 17:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 19:20 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 19:20 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 19:20 - 2017-12-07 17:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:20 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-12-13 19:20 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 19:20 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 19:20 - 2017-12-07 17:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 19:20 - 2017-12-07 17:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-13 19:20 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 19:20 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 19:20 - 2017-12-07 16:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 19:20 - 2017-12-07 16:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 19:20 - 2017-12-07 16:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 19:20 - 2017-12-07 16:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-13 19:20 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 19:20 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 19:20 - 2017-12-07 16:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-13 19:20 - 2017-12-07 16:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-12-13 19:20 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 19:20 - 2017-12-07 16:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-12-13 19:20 - 2017-11-26 15:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-13 19:20 - 2017-11-26 15:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-13 19:20 - 2017-11-26 15:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 19:20 - 2017-11-26 11:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 19:20 - 2017-11-26 08:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 19:20 - 2017-11-26 08:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 19:20 - 2017-11-26 08:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 19:20 - 2017-11-26 08:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-12-13 19:20 - 2017-11-26 08:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 19:20 - 2017-11-26 08:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 19:20 - 2017-11-26 08:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 19:20 - 2017-11-26 08:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 19:20 - 2017-11-26 08:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-13 19:20 - 2017-11-26 08:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-12-13 19:20 - 2017-11-26 08:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-12-13 19:20 - 2017-11-26 08:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-13 19:20 - 2017-11-26 08:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-13 19:20 - 2017-11-26 08:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-13 19:20 - 2017-11-26 08:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-13 19:20 - 2017-11-26 08:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 19:20 - 2017-11-26 08:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-13 19:20 - 2017-11-26 08:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 19:20 - 2017-11-26 08:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 19:20 - 2017-11-26 08:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 19:20 - 2017-11-26 08:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 19:20 - 2017-11-26 08:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 19:20 - 2017-11-26 08:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 19:20 - 2017-11-26 08:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 19:20 - 2017-11-26 08:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 19:20 - 2017-11-26 08:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-13 19:20 - 2017-11-26 08:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 19:20 - 2017-11-26 08:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 19:20 - 2017-11-26 08:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 19:20 - 2017-11-26 08:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 19:20 - 2017-11-26 08:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-13 19:20 - 2017-11-26 08:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 19:20 - 2017-11-26 08:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 19:20 - 2017-11-26 08:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-13 19:20 - 2017-11-26 08:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 19:20 - 2017-11-26 08:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 19:20 - 2017-11-26 08:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-13 19:20 - 2017-11-26 08:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 19:20 - 2017-11-26 08:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 19:20 - 2017-11-26 08:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-12-13 19:20 - 2017-11-26 08:21 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000669592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 19:20 - 2017-11-26 08:21 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-12-13 19:20 - 2017-11-26 08:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-13 19:20 - 2017-11-26 08:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-13 19:20 - 2017-11-26 07:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 19:20 - 2017-11-26 07:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 19:20 - 2017-11-26 07:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 19:20 - 2017-11-26 07:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 19:20 - 2017-11-26 07:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 19:20 - 2017-11-26 07:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 19:20 - 2017-11-26 07:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 19:20 - 2017-11-26 07:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 19:20 - 2017-11-26 07:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 19:20 - 2017-11-26 07:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 19:20 - 2017-11-26 07:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 19:20 - 2017-11-26 07:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 19:20 - 2017-11-26 07:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 19:20 - 2017-11-26 07:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-13 19:20 - 2017-11-26 07:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 19:20 - 2017-11-26 07:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 19:20 - 2017-11-26 07:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-13 19:20 - 2017-11-26 07:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 19:20 - 2017-11-26 07:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-12-13 19:20 - 2017-11-26 07:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 19:20 - 2017-11-26 07:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 19:20 - 2017-11-26 07:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 19:20 - 2017-11-26 07:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 19:20 - 2017-11-26 07:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 19:20 - 2017-11-26 07:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 19:20 - 2017-11-26 07:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 19:20 - 2017-11-26 07:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-13 19:20 - 2017-11-26 07:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-13 19:20 - 2017-11-26 07:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 19:20 - 2017-11-26 07:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 19:20 - 2017-11-26 07:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 19:20 - 2017-11-26 07:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 19:20 - 2017-11-26 07:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 19:20 - 2017-11-26 07:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 19:20 - 2017-11-26 07:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 19:20 - 2017-11-26 07:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-13 19:20 - 2017-11-26 07:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 19:20 - 2017-11-26 07:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 19:20 - 2017-11-26 07:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 19:20 - 2017-11-26 07:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 19:20 - 2017-11-26 07:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 19:20 - 2017-11-26 07:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 19:20 - 2017-11-26 07:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 19:20 - 2017-11-26 07:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 19:20 - 2017-11-26 07:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 19:20 - 2017-11-26 06:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 19:20 - 2017-11-26 06:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-13 19:20 - 2017-11-26 06:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-13 19:20 - 2017-11-26 06:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 19:20 - 2017-11-26 06:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 19:20 - 2017-11-26 06:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 19:20 - 2017-11-26 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 19:20 - 2017-11-26 06:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-13 19:20 - 2017-11-26 06:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-13 19:20 - 2017-11-26 06:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-13 19:20 - 2017-11-26 06:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 19:20 - 2017-11-26 06:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 19:20 - 2017-11-26 06:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-13 19:20 - 2017-11-26 06:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-13 19:20 - 2017-11-26 05:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 19:20 - 2017-11-26 05:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-13 19:20 - 2017-11-26 05:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-13 19:20 - 2017-11-26 05:57 - 001490840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-12-13 19:20 - 2017-11-26 05:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-13 19:20 - 2017-11-26 05:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-13 19:20 - 2017-11-26 05:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-13 19:20 - 2017-11-26 05:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-13 19:20 - 2017-11-26 05:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-13 19:20 - 2017-11-26 05:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-13 19:20 - 2017-11-26 05:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-12-13 19:20 - 2017-11-26 05:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-13 19:20 - 2017-11-26 05:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 19:20 - 2017-11-26 05:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-13 19:20 - 2017-11-26 05:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-13 19:20 - 2017-11-26 05:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-13 19:20 - 2017-11-26 05:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-13 19:20 - 2017-11-26 05:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 19:20 - 2017-11-26 05:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-13 19:20 - 2017-11-26 05:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-13 19:20 - 2017-11-26 05:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-13 19:20 - 2017-11-26 05:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-13 19:20 - 2017-11-19 02:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 19:20 - 2017-11-18 21:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-11 17:03 - 2017-12-11 17:04 - 000000000 ____D C:\Users\Jared\Desktop\CSGO
2017-12-11 17:03 - 2017-12-11 17:03 - 000000000 ____D C:\Users\Jared\Desktop\Witcher Mods
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-02 18:45 - 2017-12-02 18:45 - 000000000 ____D C:\Program Files (x86)\Razer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 18:15 - 2017-09-08 20:15 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-26 15:29 - 2017-11-07 21:06 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DA44643-B285-4279-864B-5A82909EE1D9}
2017-12-26 13:30 - 2017-09-08 19:55 - 000000000 ____D C:\Users\Jared\AppData\Local\CrashDumps
2017-12-26 11:23 - 2017-11-07 21:06 - 000003330 _____ C:\WINDOWS\System32\Tasks\CAM
2017-12-26 11:19 - 2017-11-07 21:12 - 001463230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-26 11:13 - 2017-11-07 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-26 11:13 - 2017-11-07 21:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-26 11:13 - 2017-11-05 15:11 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-12-26 11:13 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Jack Game Contacts Lease
2017-12-26 11:13 - 2017-09-11 11:42 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-26 11:13 - 2017-09-08 20:09 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-12-26 11:12 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\EPSON Stylus CX5000 XE
2017-12-26 09:57 - 2017-09-16 21:34 - 000000000 ____D C:\Users\Jared\AppData\Roaming\uTorrent
2017-12-26 08:53 - 2017-09-08 21:03 - 000000000 ____D C:\ProgramData\LogiShrd
2017-12-25 18:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\iPubster
2017-12-25 18:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Chronix MP3G.CE Extractor
2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-25 17:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-25 17:32 - 2017-11-24 20:40 - 000003492 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-12-25 17:30 - 2017-09-10 15:47 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-12-22 11:19 - 2017-10-22 18:09 - 000000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-12-22 10:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-22 10:04 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared
2017-12-22 09:29 - 2017-09-10 16:22 - 000007597 _____ C:\Users\Jared\AppData\Local\resmon.resmoncfg
2017-12-21 22:14 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-21 21:29 - 2017-10-28 10:44 - 000000000 ____D C:\Users\Jared\Downloads\ASSASSINS CREED ORIGINS-FULL UNLOCKED RePack
2017-12-21 21:27 - 2017-09-08 21:14 - 000000000 ____D C:\ProgramData\CLink4
2017-12-21 19:31 - 2017-10-07 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2017-12-21 19:31 - 2017-09-09 22:24 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2017-12-21 19:22 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-20 21:15 - 2017-09-08 20:19 - 000002340 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-20 20:12 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-20 19:45 - 2017-11-07 21:06 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-20 19:45 - 2017-11-07 21:06 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-20 19:40 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-12-20 16:38 - 2017-11-24 20:40 - 000000000 ___RD C:\Users\Jared\iCloudDrive
2017-12-19 08:17 - 2017-09-08 19:38 - 000000000 ____D C:\Users\Jared\AppData\Local\NVIDIA
2017-12-17 20:06 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-15 20:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 19:16 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-14 19:16 - 2017-09-21 12:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-13 20:01 - 2017-11-07 21:08 - 000000000 ___RD C:\Users\Jared\3D Objects
2017-12-13 20:01 - 2017-08-30 20:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 20:00 - 2017-11-07 21:02 - 000398592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 20:00 - 2017-09-29 09:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-13 20:00 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
2017-12-13 20:00 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-13 19:22 - 2017-09-09 13:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 19:21 - 2017-10-10 19:12 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 19:21 - 2017-09-09 13:22 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 19:20 - 2017-09-29 08:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-12-13 19:20 - 2017-09-29 08:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-12-13 19:20 - 2017-09-29 08:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-12-13 19:20 - 2017-09-29 08:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-12-13 17:35 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Jared\AppData\Local\Packages
2017-12-12 07:32 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\discord
2017-12-11 23:37 - 2017-11-17 18:52 - 000002229 _____ C:\Users\Jared\Desktop\Discord.lnk
2017-12-11 23:37 - 2017-11-17 18:52 - 000000000 ____D C:\Users\Jared\AppData\Local\Discord
2017-12-11 23:37 - 2017-09-09 11:40 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-10 20:24 - 2017-10-26 15:32 - 000000000 ____D C:\Program Files\Epic Games
2017-12-08 20:03 - 2017-09-30 12:55 - 000000000 ____D C:\Users\Jared\AppData\Local\UnrealEngine
2017-12-08 17:37 - 2017-11-07 21:06 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3664622787-202345870-56879904-1001
2017-12-08 17:37 - 2017-08-30 20:16 - 000002359 _____ C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-08 17:37 - 2017-08-30 20:16 - 000000000 ___RD C:\Users\Jared\OneDrive
2017-12-04 15:20 - 2017-09-08 22:32 - 000000000 ____D C:\Users\Jared\Documents\The Witcher 3
2017-11-26 00:05 - 2017-11-05 14:58 - 000000000 ____D C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2017-12-20 19:41 - 2017-12-21 19:31 - 000000004 _____ () C:\ProgramData\lock.dat
2017-12-20 19:43 - 2017-12-20 19:43 - 000266752 _____ () C:\ProgramData\TeamVieverService.dll
2017-12-20 19:40 - 2017-12-20 19:40 - 000140800 _____ () C:\Users\Jared\AppData\Local\installer.dat
2017-09-10 16:22 - 2017-12-22 09:29 - 000007597 _____ () C:\Users\Jared\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-12-20 19:40 - 2017-12-20 19:40 - 000920448 _____ () C:\Users\Jared\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-12-20 19:39 - 2017-12-20 19:39 - 000024612 _____ (Valssaamontie 53) C:\Users\Jared\AppData\Local\Temp\capi.exe
2017-12-20 19:39 - 2017-12-20 19:39 - 000016384 _____ (noOrg) C:\Users\Jared\AppData\Local\Temp\cubesta.exe
2017-12-21 19:05 - 2017-10-24 23:37 - 001954048 _____ (Microsoft Corporation) C:\Users\Jared\AppData\Local\Temp\dllnt_dump.dll
2017-12-20 19:39 - 2017-12-20 19:39 - 003179374 _____ () C:\Users\Jared\AppData\Local\Temp\golm.exe
2017-12-20 19:39 - 2017-12-20 19:39 - 001792069 _____ () C:\Users\Jared\AppData\Local\Temp\pi.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-20 20:50

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Jared (26-12-2017 18:27:18)
Running from C:\Users\Jared\Desktop
Windows 10 Pro Version 1709 16299.125 (X64) (2017-11-08 02:08:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3664622787-202345870-56879904-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3664622787-202345870-56879904-503 - Limited - Disabled)
Guest (S-1-5-21-3664622787-202345870-56879904-501 - Limited - Disabled)
Jared (S-1-5-21-3664622787-202345870-56879904-1001 - Administrator - Enabled) => C:\Users\Jared
WDAGUtilityAccount (S-1-5-21-3664622787-202345870-56879904-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
AORUS GRAPHICS ENGINE (HKLM-x32\...\AORUS GRAPHICS ENGINE_is1) (Version: 1.1.6 - GIGABYTE Technology Co.,Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CAM (HKLM-x32\...\{021EB16F-B5EF-464E-A26C-814C01D82EEA}) (Version: 3.5.00 - NZXT)
Corsair LINK 4 (HKLM-x32\...\{6607b5db-38d5-4ba1-a511-ac95594634d8}) (Version: 4.8.2.1 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{857D412A-46B9-4666-B1EF-5EDDEB607840}) (Version: 4.8.2.1 - Corsair Components, Inc.) Hidden
CPUID CPU-Z 1.80.2 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.2 - )
Discord (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESEA Client (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Optane(TM) Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.5.0.1051 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Killer Performance Suite (HKLM\...\{2DD0A568-6091-4C7E-80AA-99F16109B369}) (Version: 1.0.864 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version:  - )
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.29.0 - Adlice Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2010 3.3) (HKLM\...\480519419545219A13536B66D4C46317E0882315) (Version: 07/14/2010 3.3 - Corsair Components, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00022913-FF6F-4B0E-BDFE-EAFA35676A82} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {1B873611-2C5E-4EDC-BE4C-1FD36CBCE6D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {23B58AFA-F1A3-4ADD-BDA5-D61F8E195750} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-08-10] (Corsair Components, Inc.)
Task: {3368FE03-30DD-444B-A0F4-6E0C62015E77} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {34FAA935-9B44-43FE-9A57-BC8A112070BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation)
Task: {404A1C2C-0E8F-4077-A1EA-F677937471EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {41D599CF-EF10-4EA6-B4D1-37C3ED37D4B3} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-10-03] ()
Task: {4694BD7A-C365-4AC7-97E9-1BB27B2A3C3A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {5A6CBEFC-76D8-467D-A095-E322FA57F8A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {5C06278B-4A38-401B-B305-8393FA5D3B48} - System32\Tasks\Jack Game Contacts Lease => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll",UjObmie <==== ATTENTION
Task: {67166B03-5958-44BD-98A2-FA9095C916D5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {6A6562E2-6DFE-49A7-BA46-5E119B49F6D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {769DE119-293F-48CB-813B-96BCBBCFE98F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {7A3A1427-E928-4491-958A-E3B6E5D16799} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {8469B714-1441-412F-9F6F-7040D44AE979} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe [2017-08-18] (GIGABYTE Technology Co.,Ltd.)
Task: {937132EF-93A6-4E52-BDC9-7FC4F0D13F33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.)
Task: {94D8230E-4FD2-4F52-B887-2CD2331A59D3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9B5509B3-509C-448B-B698-DDF29485FC5A} - System32\Tasks\EPSON Stylus CX5000 XE => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll",GJxHRMHgPgp <==== ATTENTION
Task: {A86B4BFE-F018-4801-B008-1DDDC4A93A01} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-14] (Microsoft Corporation)
Task: {AB741E45-3B4F-411C-965A-C6ECAD8AE4DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {AE637923-2CF6-4939-88ED-D312E507AF8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.)
Task: {AEF2B5E0-705B-44F0-A9E6-96FC24CF97F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {C0C16D6E-BE23-499B-9EBD-8F358ADCF69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {C19278E4-A985-488B-AC3A-B875260F1DCF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {C5481BBF-7BB5-49EF-B666-E66655094827} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {C8131C4B-FF95-4157-85CB-698E55EC9D13} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {D27ECD25-D8C9-44C4-A5DC-7D050218A36A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation)
Task: {D8C5B29D-772E-48C8-AC3B-81691E67B9FE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {DE8726EC-B6A9-432F-9669-18C0F37FB80E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {DF117107-8070-4AD5-B272-793D222E4F27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {EB3E9151-3E80-40AB-867F-75CBF8A1290E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {EF1728F6-0626-4A5F-AEE4-1A5DEE4FFDA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-11 11:42 - 2017-11-14 14:56 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-08 19:38 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () D:\tunnelbear\TunnelBear.Maintenance.exe
2017-09-21 12:31 - 2017-12-14 19:15 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-13 19:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 19:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-12 18:20 - 2017-12-12 18:20 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-12 18:20 - 2017-12-12 18:20 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-12 18:20 - 2017-12-12 18:20 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-12 18:20 - 2017-12-12 18:20 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-08-18 04:01 - 2017-08-18 04:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-08-18 04:01 - 2017-08-18 04:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () D:\zlib1.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () D:\libxml2.dll
2017-09-08 20:09 - 2017-01-14 20:10 - 000218032 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe
2017-12-20 19:46 - 2017-12-13 21:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2017-12-20 19:46 - 2017-12-13 21:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
2017-10-03 21:51 - 2017-10-03 21:51 - 007864432 _____ () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
2017-09-12 12:09 - 2017-09-12 12:09 - 000188016 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe
2017-12-05 18:59 - 2017-12-05 18:59 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 001037600 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2017-09-08 19:38 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-08 19:38 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-12-08 17:37 - 2017-12-08 17:37 - 000102088 _____ () C:\Users\Jared\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-09-08 20:15 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-09-08 20:15 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-09-08 20:15 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-09-08 20:15 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-09-06 14:05 - 2017-09-06 14:05 - 000070656 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\KeyHookDLL_x86.dll
2017-09-08 20:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-08 20:16 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-09-08 20:15 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-10-19 14:58 - 2017-12-26 11:13 - 000163840 _____ () C:\Users\Jared\AppData\Roaming\vibranceGUI\vibranceDLL.dll
2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-13 19:51 - 2017-07-13 19:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-08 20:09 - 2017-01-12 17:15 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\ycc.DLL
2017-08-31 13:48 - 2017-08-31 13:48 - 000282112 _____ () C:\Program Files (x86)\NZXT\CAM\GSyncLib.dll
2017-09-08 21:30 - 2017-12-26 11:23 - 000308736 _____ () C:\Program Files (x86)\NZXT\CAM\NVAPIHelper.dll
2017-12-11 23:37 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 07:32 - 2017-12-12 07:32 - 001886712 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 07:32 - 2017-12-12 07:32 - 001773560 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-11 23:37 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-11 23:37 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Jared\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-12 07:32 - 2017-12-12 07:32 - 009802232 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 07:32 - 2017-12-12 07:32 - 001505784 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 07:32 - 2017-12-12 07:32 - 000513016 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 07:32 - 2017-12-12 07:32 - 002662904 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 07:32 - 2017-12-12 07:32 - 001517048 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 07:32 - 2017-12-12 07:32 - 002749944 _____ () \\?\C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-09-08 20:18 - 2017-12-20 07:16 - 000249120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000345376 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000254240 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000437024 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 006339360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2017-11-21 18:39 - 2017-11-29 17:46 - 002588960 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\steamnetworkingsockets.dll
2017-10-18 18:56 - 2017-10-18 18:54 - 025159968 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\phonon.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000206112 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 001176864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000865568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000387360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000622368 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000213280 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000791328 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000267040 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundsystem.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000180512 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 001002784 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000418080 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 003298080 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000622368 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000189728 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000264480 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 001118496 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2017-09-06 14:05 - 2017-09-06 14:05 - 000007168 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\EasyLoad32.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000613152 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 012555040 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 010520352 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000095520 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2017-09-08 20:18 - 2017-09-08 20:18 - 000078624 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2017-09-08 20:18 - 2017-09-08 20:18 - 000020256 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2017-12-12 07:32 - 2017-12-12 07:32 - 000618488 _____ () C:\Users\Jared\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\1\DiscordOverlay.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000091936 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 001025824 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2017-09-08 20:18 - 2017-12-20 07:16 - 000180512 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2017-12-20 21:11 - 000013622 _____ C:\WINDOWS\system32\Drivers\etc\hosts

There are 361 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3664622787-202345870-56879904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\w7ufw5eb3cuz.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6AD8A6B6-42B6-4CDB-98C4-A0860813C92F}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{16603D24-4FFC-435D-BE8F-0CF59DCB3810}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{2E988399-13EA-4B26-AA40-369D2E67FAD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{1F9C09DC-DC78-42E8-BB8A-B0B88C305679}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{15722B42-B690-46BA-8276-C7F7988A0D2F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{3F75556A-628B-4E80-A56B-0F94AD29A3AA}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{CC714624-5093-4AA1-94C7-F80CB680CFF0}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{79B3413C-01A2-40DA-857C-3B57F87AEA70}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{BE8CAF66-CAF5-4014-9B98-E15BB25EDB79}D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{6AAF6D99-D01C-4925-8EC6-5A1ED9F40887}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{0ECA6D84-E3AA-494A-9711-EC49195E0AF6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{98BBB5DE-AE16-4EF1-BFDA-D0623BF1543A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{9DC70EB6-DC6F-480D-BEB9-E8C4FECEFF36}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{4A104148-BAEB-4B86-8307-3ECC11D15CEE}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{08C61A05-0241-4CB0-B35B-6C834CD8DB03}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{97447B31-69F7-4681-87FE-C81B9D162A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe
FirewallRules: [{C3056B4A-02A5-45FB-BDA4-37B286ECAEB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ESEA Premium\eseaclientsteam.exe
FirewallRules: [{32207B8D-E4CE-4110-AD03-DB6EF7AFC725}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{F78EAF6F-C672-4E3E-980F-486D94C3743F}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{B3255CE9-A583-4502-B8A3-A33F100B0EA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EB403D97-2D30-4B92-ACB1-CCF64B1FA8F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2333B732-163C-419E-B859-EDFC0856DA24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A7356D4A-462E-4785-A587-603095855201}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AFD26F73-F1A7-4A72-B3C6-15F106829C17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1364CAEA-CF6A-4960-A45A-702899980CE7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1D11E886-5067-4749-B451-BF9C7FA38ED2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6CCC7268-8F8E-4BEB-9AA8-4449E01F6B65}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1204D603-9107-48FC-B8A8-9DBCE56ACD1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7CB9BE80-CBF4-440F-8E32-7602BE299D9E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{29F7EBB1-0EFB-45A0-995F-58319EA5980E}] => (Allow) C:\Users\Jared\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{233E32A2-6493-4A73-9EFA-A66B07413EE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F04A6C02-B3D8-4CD6-B6A0-D730C4E7E0E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5105E693-BC5A-4722-BCAF-9B91840E37F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F42BE6D-06F8-4A98-B30E-CBE7DDA9CA16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F316B13-0EE9-4515-8C8B-2BD036A2AC00}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C6CB56EC-BDFC-43B3-92F8-6DC3BB59AD7A}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DF9818AC-D700-4856-A460-556F1BE5E655}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A62263AA-6977-4AB7-8B5B-4C4585667046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2F3BAA9B-31C1-4701-837D-71663C4D859E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2B26CE4B-BD88-43AE-8105-1776C8774408}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D760608C-0D70-411E-A635-34BD2C1EA8E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{28A09357-86E1-4493-A723-691A33D6EC21}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe
FirewallRules: [UDP Query User{E3D72C53-1F89-4FDA-8BA6-FBC429DBFD2B}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe
FirewallRules: [{5587831F-79F3-43F8-B786-D90A9584B508}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{740AEE29-EE44-4E8B-8CEE-5B2A3AED6402}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9540B722-83BE-4400-A188-99C070E966DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BA8F7934-7661-4FAE-A5EF-980484159227}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{10DC75AE-5E37-4D56-930C-0E97E2FE9249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EEEA6290-F22F-4604-82EF-478AC2B01B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{66182FDD-45E5-4C7C-B7E7-0A78754D6285}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{4312BE95-5C74-4F30-937C-5FE9EC084721}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{78D9C1C6-7436-417C-924A-2460CF6E471B}] => (Allow) LPort=9143
FirewallRules: [{7DDDA7E0-F00F-4E1D-9376-9C94A12C5EBB}] => (Allow) LPort=2333
FirewallRules: [{0F8BC471-74CF-4000-AC3C-A670033FBC21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{65649B17-3007-45EC-9908-CAF317E61840}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{46A68C26-80D5-4016-85F2-F729A199AC35}] => (Allow) D:\iTunes.exe
FirewallRules: [{04683E3C-0EA3-4C85-80BA-F0A58A2FFEAA}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{BD51FDF0-0390-4E68-BF27-4895AE956656}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{8D037296-80EC-4091-B130-3DE36B9F09F6}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{D3687704-2F1B-483A-9D8A-415DBA9B491A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CA4B22A9-7278-4B8B-A7DA-724F6F31208B}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B1F5F306-CECE-4DC0-BA27-971E3D5F03FF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B3D3C48C-A439-4BCF-8B7A-F287C3E42C9C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{D7A82F5C-B8C4-4904-9828-55AA6D011144}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{68E9FA2E-5FA8-46F2-A93D-D44BA91157E1}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe
FirewallRules: [UDP Query User{A1AF2845-1969-496D-B63A-E9EEA9A944AF}C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe] => (Allow) C:\program files (x86)\gigabyte\aorus graphics engine\aorus.exe

==================== Restore Points =========================

22-12-2017 11:19:29 Installed DirectX
26-12-2017 11:12:23 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2017 01:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x2520
Faulting application start time: 0x01d37e685d9a7749
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: dab11714-4cae-4259-9bb0-71927b5bc458
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/26/2017 12:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x20f8
Faulting application start time: 0x01d37e6c2e8d268e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: a3810e00-d84b-4272-a463-8ab77b37dc38
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/26/2017 12:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x500
Faulting application start time: 0x01d37e6c1cdddbfb
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 1daee968-724b-42b4-bfed-39fa26cf46c7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/26/2017 12:08:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x5b4
Faulting application start time: 0x01d37e6c18679f07
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: ddd7169c-6d5f-49e4-be48-dce7137d84ec
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/26/2017 11:14:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x244c
Faulting application start time: 0x01d37e64a7c7736b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: cf3fba86-23fe-40fb-8ba6-e72a391f5fc3
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/26/2017 11:14:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2017 11:14:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2017 11:14:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2017 11:14:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/26/2017 11:13:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LAClient.exe, version: 1.1.133.0, time stamp: 0x59962590
Faulting module name: LAClient.exe, version: 1.1.133.0, time stamp: 0x59962590
Exception code: 0xc0000409
Fault offset: 0x0000000000104f23
Faulting process id: 0x28e8
Faulting application start time: 0x01d37e647388550f
Faulting application path: C:\Program Files\Logitech Gaming Software\LAClient\LAClient.exe
Faulting module path: C:\Program Files\Logitech Gaming Software\LAClient\LAClient.exe
Report Id: 1204a772-4df7-4fe3-b0d6-553b2dd6c4da
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (12/26/2017 11:14:55 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 11:13:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 11:04:59 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 10:28:22 AM) (Source: DCOM) (EventID: 10016) (User: JAREDS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user JAREDS-PC\Jared SID (S-1-5-21-3664622787-202345870-56879904-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 10:28:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 10:28:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 10:28:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-12-26 18:23:53.350
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 18:23:53.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 18:08:06.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 18:08:06.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 18:07:42.356
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 18:07:42.355
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 17:51:22.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 17:51:22.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 17:38:06.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 17:38:06.493
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 38%
Total physical RAM: 16341.87 MB
Available physical RAM: 10128.14 MB
Total Virtual: 18773.87 MB
Available Virtual: 11237.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.5 GB) (Free:27.07 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:725.74 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

 

Edited by JaredNolan

15 hours ago, Aura said:

Yeah it is back. Alright, run a new scan with MBAR and provide me the log afterwards.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.12.28.03
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.125.16299.0
Jared :: JAREDS-PC [administrator]

12/27/17 11:03:47 PM
mbar-log-2017-12-27 (23-03-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 214302
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 90
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [d41fa48a9c0e6fc72cdbf6bbac554eb2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [b93ae54918925cda1fab4c6228d9f808]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8a69e8469317979f37f3f2be0ff258a8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [f9fa1d119911cb6b5f551f906b9656aa]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [20d39e909218b0861a2238791ae7b14f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c92a82ace2c8b77fa70e05aa4fb2ac54]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [dd16eb436248b5818e6659576d9415eb]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [698a65c941690e288443436ce21fd22e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [ca29d658327832046e8718988a7735cb]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [668d8ca2b2f8a69089c71b965aa759a7]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [21d255d96b3ffe38058be2cf4eb3669a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [4ca7e24c3b6f5adcb354a60ab05151af]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [757e0b233b6f42f486bc555bf20f817f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [03f0ce604b5f39fd63001c9522dfc63a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [52a148e60aa055e1617cf8b646bb7c84]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [8271c767337739fd8d0eb6f826db7b85]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [c62dc26c7e2c85b1b6e46d3eb44d1de3]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [38bbdd51affb2b0b3bff38765ca502fe]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [bb381f0fc5e5f83e5912c8e88e73fd03]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [a74ca08ec3e784b29b0304ac30d130d0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Trojan.DisabledAVSecurityCerts) -> Delete on reboot. [886b31fdb1f9979fda52644c88795fa1]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\TeamVieverService.dll (Backdoor.TeamViewer) -> Delete on reboot. [ea09b8763d6df73fbb2868a82bd8837d]
C:\ProgramData\lock.dat (Backdoor.TeamViewer.Trace) -> Delete on reboot. [658e9b9348628da92c6eb697d22ea55b]
C:\ProgramData\rwi.chad (Backdoor.TeamViewer.Trace) -> Delete on reboot. [7f7455d9eebc5bdb28c738d8ef14758b]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Okay I understand what's happening. MBAR isn't deleting some task, file and folder associated with the infection. I just reported that issue to the Research Team so they can address it. Give them a few and once they give me the okay, we'll try again (shouldn't be too long).


Let's try this.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


5 hours ago, Aura said:

Let's try this.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

 

fixlist.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Jared (29-12-2017 01:37:10) Run:1
Running from C:\Users\Jared\Desktop
Loaded Profiles: Jared (Available Profiles: Jared)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll;C:\Program Files\iPubster\iPubster.dll;C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll

HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION

Task: {5C06278B-4A38-401B-B305-8393FA5D3B48} - System32\Tasks\Jack Game Contacts Lease => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll",UjObmie <==== ATTENTION
Task: {98202221-583C-4EC2-8687-384A73502623} - System32\Tasks\iPubster => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\iPubster\iPubster.dll",OyULwQ <==== ATTENTION
Task: {9B5509B3-509C-448B-B698-DDF29485FC5A} - System32\Tasks\EPSON Stylus CX5000 XE => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll",GJxHRMHgPgp <==== ATTENTION

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"VirusTotal: C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll" => not found
"VirusTotal: C:\Program Files\iPubster\iPubster.dll" => not found
"VirusTotal: C:\Program Files\EPSON Stylus CX5000 XE\EPSON Stylus CX5000 XE.dll" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5C06278B-4A38-401B-B305-8393FA5D3B48} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C06278B-4A38-401B-B305-8393FA5D3B48}" => removed successfully
C:\WINDOWS\System32\Tasks\Jack Game Contacts Lease => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jack Game Contacts Lease" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{98202221-583C-4EC2-8687-384A73502623}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98202221-583C-4EC2-8687-384A73502623} => key not found
"C:\WINDOWS\System32\Tasks\iPubster" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iPubster => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9B5509B3-509C-448B-B698-DDF29485FC5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5509B3-509C-448B-B698-DDF29485FC5A}" => removed successfully
C:\WINDOWS\System32\Tasks\EPSON Stylus CX5000 XE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON Stylus CX5000 XE" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9986048 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38068023 B
Java, Flash, Steam htmlcache => 280880227 B
Windows/system/drivers => 7306064 B
Edge => 10006654 B
Chrome => 401651808 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 49926 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 297060 B
Jared => 79647266 B

RecycleBin => 6347658044 B
EmptyTemp: => 6.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:37:30 ====


1 hour ago, Aura said:

No problem JaredNolan, you're welcome :) Can you run a last scan with FRST and provide me a fresh set of logs? I'll make sure that there's nothing left.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Jared (29-12-2017 10:34:35)
Running from C:\Users\Jared\Desktop
Windows 10 Pro Version 1709 16299.125 (X64) (2017-11-08 02:08:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3664622787-202345870-56879904-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3664622787-202345870-56879904-503 - Limited - Disabled)
Guest (S-1-5-21-3664622787-202345870-56879904-501 - Limited - Disabled)
Jared (S-1-5-21-3664622787-202345870-56879904-1001 - Administrator - Enabled) => C:\Users\Jared
WDAGUtilityAccount (S-1-5-21-3664622787-202345870-56879904-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
AORUS GRAPHICS ENGINE (HKLM-x32\...\AORUS GRAPHICS ENGINE_is1) (Version: 1.1.6 - GIGABYTE Technology Co.,Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CAM (HKLM-x32\...\{021EB16F-B5EF-464E-A26C-814C01D82EEA}) (Version: 3.5.00 - NZXT)
Corsair LINK 4 (HKLM-x32\...\{6607b5db-38d5-4ba1-a511-ac95594634d8}) (Version: 4.8.2.1 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{857D412A-46B9-4666-B1EF-5EDDEB607840}) (Version: 4.8.2.1 - Corsair Components, Inc.) Hidden
CPUID CPU-Z 1.80.2 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.2 - )
Discord (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESEA Client (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Optane(TM) Memory (HKLM\...\{fca73a1d-2062-4ba7-9951-8bd39116b154}) (Version: 15.5.0.1051 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Killer Performance Suite (HKLM\...\{2DD0A568-6091-4C7E-80AA-99F16109B369}) (Version: 1.0.864 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3664622787-202345870-56879904-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Middle-earth Shadow of War v.1.0 (HKLM-x32\...\Middle-earth Shadow of War_is1) (Version:  - )
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.29.0 - Adlice Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2010 3.3) (HKLM\...\480519419545219A13536B66D4C46317E0882315) (Version: 07/14/2010 3.3 - Corsair Components, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00022913-FF6F-4B0E-BDFE-EAFA35676A82} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {1B873611-2C5E-4EDC-BE4C-1FD36CBCE6D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {23B58AFA-F1A3-4ADD-BDA5-D61F8E195750} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-08-10] (Corsair Components, Inc.)
Task: {3368FE03-30DD-444B-A0F4-6E0C62015E77} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {34FAA935-9B44-43FE-9A57-BC8A112070BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation)
Task: {404A1C2C-0E8F-4077-A1EA-F677937471EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {41D599CF-EF10-4EA6-B4D1-37C3ED37D4B3} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-10-03] ()
Task: {4694BD7A-C365-4AC7-97E9-1BB27B2A3C3A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {5A6CBEFC-76D8-467D-A095-E322FA57F8A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {67166B03-5958-44BD-98A2-FA9095C916D5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {6A6562E2-6DFE-49A7-BA46-5E119B49F6D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {769DE119-293F-48CB-813B-96BCBBCFE98F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {7A3A1427-E928-4491-958A-E3B6E5D16799} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {8469B714-1441-412F-9F6F-7040D44AE979} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\AORUS.exe [2017-08-18] (GIGABYTE Technology Co.,Ltd.)
Task: {937132EF-93A6-4E52-BDC9-7FC4F0D13F33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.)
Task: {94D8230E-4FD2-4F52-B887-2CD2331A59D3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A86B4BFE-F018-4801-B008-1DDDC4A93A01} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-14] (Microsoft Corporation)
Task: {AB741E45-3B4F-411C-965A-C6ECAD8AE4DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)
Task: {AE637923-2CF6-4939-88ED-D312E507AF8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-08] (Google Inc.)
Task: {AEF2B5E0-705B-44F0-A9E6-96FC24CF97F5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-14] (Microsoft Corporation)
Task: {C0C16D6E-BE23-499B-9EBD-8F358ADCF69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {C19278E4-A985-488B-AC3A-B875260F1DCF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {C5481BBF-7BB5-49EF-B666-E66655094827} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {C8131C4B-FF95-4157-85CB-698E55EC9D13} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {D27ECD25-D8C9-44C4-A5DC-7D050218A36A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-14] (Microsoft Corporation)
Task: {D8C5B29D-772E-48C8-AC3B-81691E67B9FE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-10-19] (Apple Inc.)
Task: {DE8726EC-B6A9-432F-9669-18C0F37FB80E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {DF117107-8070-4AD5-B272-793D222E4F27} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {EB3E9151-3E80-40AB-867F-75CBF8A1290E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {EF1728F6-0626-4A5F-AEE4-1A5DEE4FFDA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-07 18:04 - 2017-03-07 18:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-09-08 19:38 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () D:\tunnelbear\TunnelBear.Maintenance.exe
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-11 11:42 - 2017-11-14 14:56 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-09-21 12:31 - 2017-12-14 19:15 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-13 19:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 19:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-08-18 04:01 - 2017-08-18 04:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-08-18 04:01 - 2017-08-18 04:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () D:\zlib1.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () D:\libxml2.dll
2017-09-08 20:09 - 2017-01-14 20:10 - 000218032 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\MBLed.exe
2017-10-03 21:51 - 2017-10-03 21:51 - 007864432 _____ () C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
2017-09-12 12:09 - 2017-09-12 12:09 - 000188016 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe
2017-12-20 19:46 - 2017-12-13 21:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2017-12-20 19:46 - 2017-12-13 21:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
2017-12-29 10:28 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-29 10:28 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-08 19:38 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-08 19:38 - 2017-10-10 20:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-12-08 17:37 - 2017-12-08 17:37 - 000102088 _____ () C:\Users\Jared\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-09-08 20:15 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-08 20:15 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-14 18:58 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-09-08 20:15 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-09-08 20:15 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-09-08 20:15 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-10-19 14:58 - 2017-12-29 10:26 - 000163840 _____ () C:\Users\Jared\AppData\Roaming\vibranceGUI\vibranceDLL.dll
2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-13 19:51 - 2017-07-13 19:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-08 20:16 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-08 20:16 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-09-08 20:15 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-08 20:09 - 2017-01-12 17:15 - 000105472 _____ () C:\Program Files (x86)\GIGABYTE\AORUS GRAPHICS ENGINE\ycc.DLL
2017-08-31 13:48 - 2017-08-31 13:48 - 000282112 _____ () C:\Program Files (x86)\NZXT\CAM\GSyncLib.dll
2017-09-08 21:30 - 2017-12-29 10:27 - 000308736 _____ () C:\Program Files (x86)\NZXT\CAM\NVAPIHelper.dll
2017-09-06 14:05 - 2017-09-06 14:05 - 000070656 _____ () C:\Program Files (x86)\NZXT\CAM\FPS\KeyHookDLL_x86.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2017-12-20 21:11 - 000013622 _____ C:\WINDOWS\system32\Drivers\etc\hosts

There are 361 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3664622787-202345870-56879904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\w7ufw5eb3cuz.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6AD8A6B6-42B6-4CDB-98C4-A0860813C92F}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{16603D24-4FFC-435D-BE8F-0CF59DCB3810}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{2E988399-13EA-4B26-AA40-369D2E67FAD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{1F9C09DC-DC78-42E8-BB8A-B0B88C305679}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{15722B42-B690