Hey guys, I'm new to this forum. So a few days ago I was downloading a cheat for the game CS 1.6, yeah, don't ask why. It said virus bla bla bla but I thought why not, so I downloaded it. After like 2-3 hours I started getting pop-up ads like mail.ru, casino ads etc. I searched on YouTube and found a solution and I removed them all. No problem with ads anymore. But then I got more scared when my computer automatically opened CMD and started writing things such as "Transfering files" etc. Why is that? Is it still adware or what? I'm scared, guys, that it will take my parents' bank account passwords etc. And just 1 hour ago my computer went to a blue screen saying "ERROR :(, We are collecting errors from your computer", which I thought was a virus, and it was. So please guys, help me, I don't want to lose any files or get viruses. My parents' files are worth much more than my computer; I'd even restart it. I used Malwarebytes and Zemana AntiMalware; still doesn't help. What should I do? ;( Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018
Ran by IRSA (administrator) on IRSA-PC (07-01-2018 13:48:56)
Running from C:\Users\IRSA\Desktop
Loaded Profiles: IRSA (Available Profiles: IRSA & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1709 16299.125 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Innova Co S.a r.l.) C:\Program Files\4game\3.6.2.257\4game-service.exe
() C:\Program Files\Remote Mouse\RemoteMouseService.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(RemoteMouse.net) C:\Program Files\Remote Mouse\RemoteMouseCore.exe
(RemoteMouse.net) C:\Program Files\Remote Mouse\RemoteMouse.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Discord Inc.) C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Discord Inc.) C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [130448288 2017-12-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2312824 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Razer Imperator Driver] => C:\Program Files\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1150488 2016-09-25] (Highresolution Enterprises)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02] (Logitech, Inc.)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7045848 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [Discord] => C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [MurGee.com Auto Clicker] => C:\Users\IRSA\Desktop\install\Auto Clicker\AutoClicker.exe [128160 2017-12-24] (MurGee.com)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\MountPoints2: {80c2d260-51e0-11e6-b81e-806e6f6e6963} - "E:\Autorun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-03-16]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-03-16]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.241.198.246 62.241.198.245
Tcpip\..\Interfaces\{770a0e7d-4e93-48e6-9cd0-21d13228c82d}: [DhcpNameServer] 62.241.198.246 62.241.198.245

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-514558421-1968590340-419934471-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-514558421-1968590340-419934471-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={880B23DF-C5A9-4566-9AA6-845122901CED}&mid=f12e4678c92847cc80a8b57816a551fc-72f28fcfded09090e0f734e4a3cd1fda34fcadd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816av&pr=fr&d=2016-02-19 18:09:52&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-514558421-1968590340-419934471-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_92-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3yre5jmi.default
FF ProfilePath: C:\Users\IRSA\AppData\Roaming\Mozilla\Firefox\Profiles\3yre5jmi.default [2018-01-07]
FF user.js: detected! => C:\Users\IRSA\AppData\Roaming\Mozilla\Firefox\Profiles\3yre5jmi.default\user.js [2016-03-06]
FF Homepage: Mozilla\Firefox\Profiles\3yre5jmi.default -> hxxps://inline.go.mail.ru/homepage?inline_comp=hp&inline_hp_cnt=11956636
FF NewTab: Mozilla\Firefox\Profiles\3yre5jmi.default -> about:newtab
FF NewTabOverride: Mozilla\Firefox\Profiles\3yre5jmi.default -> Enabled: homepage@mail.ru
FF SearchPlugin: C:\Users\IRSA\AppData\Roaming\Mozilla\Firefox\Profiles\3yre5jmi.default\searchplugins\avg-secure-search.xml [2016-07-22]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-02-26] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-01-07]
FF Plugin: @4game.com/plugin -> C:\Program Files\4game\3.6.2.257\npplugin4game.dll [2017-10-17] (Innova Co S.a r.l.)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\WINDOWS\system32\npdeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-04] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default [2018-01-07]
CHR Extension: (Slides) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-04]
CHR Extension: (Docs) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-04]
CHR Extension: (Google Drive) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-04]
CHR Extension: (YouTube) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-04]
CHR Extension: (Sheets) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-04]
CHR Extension: (AdBlock) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-04]
CHR Extension: (Gmail) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Tampermonkey) - C:\Users\IRSA\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-04]
OPR Extension: (ScriptGate) - C:\Users\IRSA\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-01-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 4game-service; C:\Program Files\4game\3.6.2.257\4game-service.exe [1686008 2017-10-17] (Innova Co S.a r.l.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [1288712 2017-07-01] ()
S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [472856 2018-01-04] (McAfee, Inc.)
R2 RemoteMouseService; C:\Program Files\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279408 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86696 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [70312 2012-12-28] (Advanced Micro Devices)
R0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [22184 2012-12-28] (Advanced Micro Devices)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [158224 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [255584 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157376 2017-12-22] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276696 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50344 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [118144 2017-12-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42824 2017-12-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124408 2017-12-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [99528 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70832 2017-12-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783104 2017-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [390272 2017-12-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [151328 2017-12-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [294680 2017-12-22] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-29] ()
S3 Frost_10_17_0_11; C:\Users\IRSA\Desktop\MapCycLe\PointBlank\frost\frost.sys [80432 2017-07-22] (Innova)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [38416 2015-06-18] (Logitech, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [168376 2018-01-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [91576 2018-01-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [40376 2018-01-07] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [221112 2018-01-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [75712 2018-01-07] (Malwarebytes)
R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [88448 2017-02-14] (McAfee, Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo_0061.sys [37920 2016-03-26] (SoftEther Corporation)
S3 Neo_VPN2; C:\WINDOWS\System32\DRIVERS\Neo_0012.sys [37920 2016-03-26] (SoftEther Corporation)
S1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology) [File not signed]
R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
R0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2017-09-29] (Realtek )
R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 VX1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37440 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [253848 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98200 2017-09-29] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-01-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-01-04] (Zemana Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-07 13:48 - 2018-01-07 13:49 - 000018910 _____ C:\Users\IRSA\Desktop\FRST.txt
2018-01-07 13:48 - 2018-01-07 13:48 - 001753600 _____ (Farbar) C:\Users\IRSA\Desktop\FRST.exe
2018-01-07 13:48 - 2018-01-07 13:48 - 000000000 ____D C:\FRST
2018-01-07 13:42 - 2018-01-07 13:42 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-07 13:02 - 2018-01-07 13:42 - 000091576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-07 13:02 - 2018-01-07 13:42 - 000075712 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-07 13:02 - 2018-01-07 13:42 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-07 13:02 - 2018-01-07 13:02 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-07 13:02 - 2018-01-07 13:02 - 000168376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-07 13:02 - 2018-01-07 13:02 - 000002099 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 13:02 - 2018-01-07 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 13:02 - 2018-01-07 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-07 13:02 - 2017-11-29 09:11 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2018-01-07 13:01 - 2018-01-07 13:02 - 083316440 _____ (Malwarebytes ) C:\Users\IRSA\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2018-01-07 12:46 - 2018-01-07 12:46 - 000688992 ____R (Swearware) C:\Users\IRSA\Downloads\dds.com
2018-01-07 12:31 - 2018-01-07 12:31 - 443388224 _____ C:\WINDOWS\MEMORY.DMP
2018-01-05 18:48 - 2018-01-05 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto-Keyboard 9.0
2018-01-05 18:48 - 2018-01-05 18:48 - 000000000 ____D C:\Program Files\AutoKeyboard90
2018-01-05 18:47 - 2018-01-05 18:48 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\GetRightToGo
2018-01-05 18:46 - 2018-01-05 18:46 - 000367904 _____ (RegNow.com) C:\Users\IRSA\Downloads\Download_autokeyboardsetup.exe
2018-01-05 18:21 - 2018-01-05 18:21 - 000044093 _____ C:\Users\IRSA\Downloads\AutoKeyClicker v1.2.3.zip
2018-01-05 18:21 - 2018-01-05 18:21 - 000000000 ____D C:\Users\IRSA\AppData\Local\lolStudios
2018-01-05 18:19 - 2018-01-05 18:19 - 000534851 _____ C:\Users\IRSA\Downloads\Autosofted_Auto_Mouse_Clicker1.7.rar
2018-01-05 18:18 - 2018-01-05 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Mouse Auto Clicker
2018-01-05 18:18 - 2018-01-05 18:18 - 000000000 ____D C:\Program Files\Super Mouse Auto Clicker
2018-01-05 18:17 - 2018-01-05 18:39 - 000001028 _____ C:\Users\IRSA\Desktop\auto-clicker.lnk
2018-01-05 18:17 - 2018-01-05 18:18 - 000692402 _____ (Advanced Mouse Auto Clicker, Ltd. ) C:\Users\IRSA\Downloads\SuperMouseAutoClickerSetup.exe
2018-01-05 18:17 - 2018-01-05 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\auto-clicker
2018-01-05 18:17 - 2018-01-05 18:17 - 000000000 ____D C:\Program Files\auto-clicker
2018-01-05 18:16 - 2018-01-05 18:16 - 001031608 _____ ( ) C:\Users\IRSA\Downloads\setup (7).exe
2018-01-05 18:14 - 2018-01-05 18:14 - 000783175 _____ C:\Users\IRSA\Downloads\OP Auto Clicker 2.1.exe
2018-01-05 18:13 - 2018-01-05 18:13 - 001704323 _____ ( ) C:\Users\IRSA\Downloads\OP Auto Clicker 2.1_2853322528.exe
2018-01-05 18:08 - 2018-01-05 18:08 - 000848536 _____ (MurGee.com ) C:\Users\IRSA\Downloads\setup (6).exe
2018-01-05 18:08 - 2018-01-05 18:08 - 000000000 ____D C:\Users\IRSA\Desktop\install
2018-01-05 14:34 - 2018-01-05 14:34 - 000012447 _____ C:\Users\IRSA\Downloads\toimeentulotukihakemus.pdf
2018-01-05 13:15 - 2018-01-05 13:15 - 008783235 _____ C:\Users\IRSA\Downloads\Untitled_Message (1).zip
2018-01-05 12:16 - 2018-01-05 12:17 - 000088688 _____ C:\Users\IRSA\Downloads\kela (45).pdf
2018-01-04 23:52 - 2018-01-04 23:52 - 000444952 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2018-01-04 23:52 - 2018-01-04 23:52 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2018-01-04 23:52 - 2018-01-04 23:52 - 000000000 ____D C:\Program Files\OpenAL
2018-01-04 23:27 - 2018-01-04 23:27 - 000000216 _____ C:\Users\IRSA\Desktop\CS2D.url
2018-01-04 18:31 - 2018-01-04 18:31 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-04 18:30 - 2018-01-04 18:31 - 083316440 _____ (Malwarebytes ) C:\Users\IRSA\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-04 18:10 - 2018-01-04 18:14 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-04 18:09 - 2018-01-07 13:49 - 000053627 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-04 18:09 - 2018-01-07 13:49 - 000024270 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-04 18:09 - 2018-01-04 18:09 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2018-01-04 18:09 - 2018-01-04 18:09 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2018-01-04 18:09 - 2018-01-04 18:09 - 000001963 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-01-04 18:09 - 2018-01-04 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-04 18:09 - 2018-01-04 18:09 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2018-01-04 18:08 - 2018-01-04 18:08 - 006625600 _____ (Zemana Ltd. ) C:\Users\IRSA\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-04 18:08 - 2018-01-04 18:08 - 000000000 ____D C:\Users\IRSA\AppData\Local\Zemana
2018-01-04 15:12 - 2018-01-04 15:12 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Google
2018-01-04 15:11 - 2018-01-04 15:11 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 15:11 - 2018-01-04 15:11 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-04 14:32 - 2018-01-04 14:42 - 000000000 ____D C:\Users\IRSA\AppData\Local\Go!
2018-01-04 14:32 - 2017-09-29 13:50 - 000059904 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\KwiEnIIuweUAh.exe
2018-01-04 14:32 - 2017-09-29 13:49 - 000174592 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\bycDTZwmu.exe
2018-01-04 14:32 - 2017-09-29 13:49 - 000001133 _____ C:\Users\IRSA\AppData\Local\IEeyIEesN
2018-01-04 14:32 - 2017-09-29 13:49 - 000001060 _____ C:\Users\IRSA\AppData\Roaming\oHyee
2018-01-04 14:32 - 2017-09-29 13:49 - 000000067 _____ C:\WINDOWS\ybuhOEuyPZa
2018-01-04 14:32 - 2017-09-29 13:49 - 000000065 _____ C:\WINDOWS\system32\zfcuFyAYWve
2018-01-04 14:30 - 2018-01-04 14:30 - 000000469 _____ C:\Users\IRSA\Downloads\R8_NON-STEAM_IMPK_GFP9U4.torrent
2018-01-04 14:24 - 2018-01-04 14:24 - 010303699 _____ C:\Users\IRSA\Downloads\Чит R8 CS 1.6 .rar
2018-01-04 14:18 - 2018-01-04 14:48 - 000000000 ____D C:\Users\IRSA\AppData\LocalLow\uTorrent
2018-01-04 14:17 - 2018-01-04 14:17 - 000000499 _____ C:\Users\IRSA\Downloads\R8_NON-STEAM_CHEETAH_2.1_KBDYGN.torrent
2018-01-02 09:26 - 2018-01-02 09:26 - 000088688 _____ C:\Users\IRSA\Downloads\kela (44).pdf
2018-01-01 20:13 - 2018-01-01 20:13 - 000001401 _____ C:\Users\Public\Desktop\Counter-Strike Source.lnk
2018-01-01 20:13 - 2018-01-01 20:13 - 000001351 _____ C:\Users\Public\Desktop\Updating Counter-Strike Source.lnk
2018-01-01 19:50 - 2018-01-01 19:51 - 052921360 _____ C:\Users\IRSA\Downloads\GrowtopiaInstaller (13).exe
2018-01-01 18:16 - 2018-01-01 18:16 - 000143695 _____ C:\Users\IRSA\Downloads\def_knife_rainbow.rar
2017-12-31 11:23 - 2017-12-31 11:23 - 000499402 _____ C:\Users\IRSA\Downloads\LIS_9499759.pdf
2017-12-31 11:22 - 2017-12-31 11:22 - 000393210 _____ C:\Users\IRSA\Downloads\LIS_9727013 (2).pdf
2017-12-30 11:11 - 2017-12-30 11:11 - 000088688 _____ C:\Users\IRSA\Downloads\kela (43).pdf
2017-12-29 15:15 - 2017-12-29 15:15 - 000090587 _____ C:\Users\IRSA\Downloads\kela (42).pdf
2017-12-29 15:14 - 2017-12-29 15:14 - 000088688 _____ C:\Users\IRSA\Downloads\kela (41).pdf
2017-12-29 15:14 - 2017-12-29 15:14 - 000088688 _____ C:\Users\IRSA\Downloads\kela (40).pdf
2017-12-27 15:18 - 2018-01-01 19:51 - 000001140 _____ C:\Users\IRSA\Desktop\Growtopia.lnk
2017-12-27 15:18 - 2017-12-27 15:18 - 052739224 _____ C:\Users\IRSA\Downloads\GrowtopiaInstaller (12).exe
2017-12-26 19:36 - 2017-12-26 19:36 - 000090776 _____ C:\Users\IRSA\Downloads\kela (39).pdf
2017-12-26 19:35 - 2017-12-26 19:35 - 000083422 _____ C:\Users\IRSA\Downloads\kela (38).pdf
2017-12-26 19:34 - 2017-12-26 19:34 - 000089983 _____ C:\Users\IRSA\Downloads\kela (37).pdf
2017-12-26 19:27 - 2017-12-26 19:27 - 003225838 _____ C:\Users\IRSA\Downloads\Untitled_Message.zip
2017-12-23 13:20 - 2018-01-04 16:34 - 000000000 ___RD C:\Users\IRSA\Desktop\MapCycLe
2017-12-22 07:05 - 2017-12-22 07:05 - 000305840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-22 07:05 - 2017-12-22 07:05 - 000118144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-12-16 22:06 - 2017-12-16 22:30 - 000000000 ____D C:\Users\IRSA\Documents\Mount&Blade Savegames
2017-12-16 22:03 - 2017-12-17 18:16 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Mount&Blade
2017-12-16 22:03 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-12-16 22:03 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-12-16 22:03 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-12-16 22:03 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-12-16 22:03 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-12-16 22:03 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-12-16 22:03 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-12-16 22:03 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-12-16 22:03 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-12-16 22:03 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000038296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint40.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\WINDOWS\system32\msmq
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\Program Files\MSBuild
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\inetpub
2017-12-13 05:05 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-12-13 05:05 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-12-13 05:05 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-12-13 05:03 - 2017-09-28 20:54 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-12-13 05:03 - 2017-09-28 18:50 - 014014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-12-13 05:03 - 2017-09-28 18:46 - 000375296 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-12-13 05:03 - 2017-09-28 18:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-12-13 05:03 - 2017-09-28 18:44 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-12-13 05:03 - 2017-09-28 18:41 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2017-12-13 05:03 - 2017-09-28 18:40 - 003657216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-12-13 05:03 - 2017-09-28 18:40 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2017-12-13 05:03 - 2017-09-28 18:38 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-12-13 05:03 - 2017-09-28 18:37 - 004550144 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-12-13 05:03 - 2017-09-28 18:35 - 002216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-12-13 05:03 - 2017-09-28 18:35 - 001496064 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-12-13 05:03 - 2017-09-28 18:35 - 000921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-12-13 05:03 - 2017-09-28 18:34 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-12-13 05:03 - 2017-09-28 18:34 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-12-13 05:03 - 2017-09-28 18:34 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-12-13 05:03 - 2017-09-28 18:34 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-12-13 05:03 - 2017-09-28 18:31 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-12-13 05:02 - 2017-09-28 18:44 - 008628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0019.dll
2017-12-13 05:01 - 2017-09-28 18:44 - 008071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm000b.dll
2017-12-13 04:42 - 2017-12-13 04:42 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-11 04:31 - 2017-12-14 15:54 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-09 23:59 - 2017-12-09 23:59 - 004466282 _____ C:\Users\IRSA\Downloads\bo-ak47.rar
2017-12-09 23:58 - 2017-12-09 23:58 - 009941158 _____ C:\Users\IRSA\Downloads\d16rs_edisleado_upd4_2 (1).rar
2017-12-09 23:58 - 2017-12-09 23:58 - 005541663 _____ C:\Users\IRSA\Downloads\hltv_weapon_models (2).rar
2017-12-09 23:57 - 2017-12-09 23:57 - 009941158 _____ C:\Users\IRSA\Downloads\d16rs_edisleado_upd4_2.rar
2017-12-09 23:56 - 2017-12-09 23:56 - 016740215 _____ C:\Users\IRSA\Downloads\ts_default_weapon_retex (1).rar
2017-12-09 23:55 - 2017-12-09 23:55 - 016740215 _____ C:\Users\IRSA\Downloads\ts_default_weapon_retex.rar
2017-12-09 23:54 - 2017-12-09 23:54 - 003918687 _____ C:\Users\IRSA\Downloads\hd_models_3 (1).rar
2017-12-09 23:43 - 2017-12-09 23:43 - 007545482 _____ C:\Users\IRSA\Downloads\csgo_fiveseven_skins.rar
2017-12-09 23:41 - 2017-12-09 23:41 - 004413209 _____ C:\Users\IRSA\Downloads\mp5_akoben.rar
2017-12-09 23:41 - 2017-12-09 23:41 - 004413209 _____ C:\Users\IRSA\Downloads\mp5_akoben (1).rar
2017-12-09 23:39 - 2017-12-09 23:39 - 002012739 _____ C:\Users\IRSA\Downloads\default_ak-47_jaguar.rar
2017-12-09 23:37 - 2017-12-09 23:37 - 001386035 _____ C:\Users\IRSA\Downloads\default_m4a1-s_golden_coil_fb251.rar
2017-12-09 23:27 - 2017-12-09 23:27 - 007509102 _____ C:\Users\IRSA\Downloads\csgo_huntsman_knife_ade46.7z

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-07 13:45 - 2016-02-20 14:11 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Skype
2018-01-07 13:41 - 2016-06-04 22:35 - 000000000 ____D C:\Program Files\McAfee
2018-01-07 12:32 - 2016-11-28 14:42 - 000000280 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_IRSA.job
2018-01-07 12:13 - 2017-09-29 13:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-07 09:37 - 2017-05-12 13:24 - 000000000 ____D C:\Program Files\Steam
2018-01-06 18:33 - 2016-02-19 15:12 - 000000000 ____D C:\Users\IRSA\AppData\Local\Growtopia
2018-01-06 08:51 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-06 05:44 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-05 18:14 - 2016-06-04 22:35 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-01-05 18:14 - 2016-06-04 22:27 - 000000000 ____D C:\ProgramData\McAfee
2018-01-05 18:08 - 2017-07-21 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2018-01-05 15:13 - 2016-05-15 14:57 - 000000000 ____D C:\Program Files\Common Files\Steam
2018-01-05 09:44 - 2017-09-29 13:52 - 000000000 ____D C:\WINDOWS\INF
2018-01-05 09:44 - 2016-02-20 13:52 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\uTorrent
2018-01-05 07:30 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-05 07:29 - 2017-09-29 13:55 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-04 23:27 - 2017-01-02 17:14 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-01-04 19:15 - 2017-08-31 13:59 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2018-01-04 19:15 - 2017-07-18 13:57 - 000000000 ____D C:\Program Files\WinZip Registry Optimizer
2018-01-04 19:15 - 2017-03-16 14:57 - 000000000 ____D C:\ProgramData\WinZip
2018-01-04 19:15 - 2017-03-16 14:53 - 000000000 ____D C:\Program Files\ByteFence
2018-01-04 19:15 - 2016-03-23 16:03 - 000000000 ____D C:\Program Files\Amazon
2018-01-04 19:14 - 2017-09-29 07:31 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-04 19:11 - 2016-03-28 23:22 - 000000000 ____D C:\Users\IRSA\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2018-01-04 18:47 - 2017-08-31 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2018-01-04 18:47 - 2016-07-16 10:29 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-04 18:07 - 2017-03-07 07:25 - 000000000 ____D C:\Users\IRSA\AppData\LocalLow\Mozilla
2018-01-04 15:11 - 2016-12-20 19:19 - 000000000 ____D C:\Users\IRSA\AppData\Local\Google
2018-01-04 15:11 - 2016-02-17 17:10 - 000000000 ____D C:\Program Files\Google
2018-01-04 14:54 - 2016-06-04 22:28 - 000000000 ____D C:\Users\IRSA\AppData\Local\Unity
2018-01-03 12:09 - 2016-02-17 14:26 - 000000000 ____D C:\Users\IRSA\AppData\Local\ElevatedDiagnostics
2018-01-03 10:06 - 2017-09-29 07:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-23 16:40 - 2016-11-12 14:28 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\TS3Client
2017-12-22 09:47 - 2017-06-30 13:59 - 000001357 _____ C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-12-22 07:06 - 2017-06-06 22:21 - 000055160 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-16 11:29 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 07:48 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-13 18:46 - 2017-09-29 13:55 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-12-13 18:43 - 2017-10-07 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-12-13 18:43 - 2017-09-29 13:58 - 000000000 ____D C:\WINDOWS\Setup
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\IME
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\schemas
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-13 18:43 - 2017-08-02 12:57 - 000000000 ____D C:\WINDOWS\ShellNew
2017-12-13 18:43 - 2017-08-02 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-12-13 18:43 - 2017-07-30 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2017-12-13 18:43 - 2017-07-22 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4game
2017-12-13 18:43 - 2017-07-21 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2017-12-13 18:43 - 2017-07-11 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Free Cam 8
2017-12-13 18:43 - 2017-07-05 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-13 18:43 - 2017-05-12 19:52 - 000000000 ____D C:\Program Files\UNP
2017-12-13 18:43 - 2017-05-12 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-13 18:43 - 2017-03-16 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-12-13 18:43 - 2017-03-16 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2017-12-13 18:43 - 2017-03-15 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-13 18:43 - 2017-01-28 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 2D
2017-12-13 18:43 - 2016-11-28 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-13 18:43 - 2016-11-28 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-12-13 18:43 - 2016-09-24 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-12-13 18:43 - 2016-09-24 18:45 - 000000000 ____D C:\Program Files\IIS
2017-12-13 18:43 - 2016-09-24 18:39 - 000000000 ____D C:\WINDOWS\system32\1033
2017-12-13 18:43 - 2016-07-25 01:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 18:43 - 2016-06-09 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-12-13 18:43 - 2016-04-02 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-13 18:43 - 2016-03-23 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-13 18:43 - 2016-03-12 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2017-12-13 18:43 - 2009-07-14 04:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-13 11:33 - 2016-07-24 22:19 - 000002366 _____ C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-13 11:33 - 2016-07-24 22:19 - 000000000 ___RD C:\Users\IRSA\OneDrive
2017-12-13 09:14 - 2016-07-24 22:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 09:14 - 2016-07-24 22:12 - 000000000 ____D C:\Users\IRSA\AppData\Local\TileDataLayer
2017-12-13 09:13 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-13 09:12 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-13 09:12 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\Registration
2017-12-13 09:10 - 2016-07-24 22:07 - 000021412 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-12-13 09:09 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\media
2017-12-13 09:01 - 2017-09-10 14:26 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout
2017-12-13 09:01 - 2017-07-05 23:49 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-13 09:01 - 2016-08-25 13:31 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Growtopia
2017-12-13 09:01 - 2016-03-18 16:34 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2017-12-13 09:01 - 2016-02-22 16:37 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-12-13 08:58 - 2017-09-29 13:55 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-13 08:58 - 2017-09-29 13:55 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-13 08:55 - 2017-08-12 19:35 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-13 08:55 - 2016-03-18 16:34 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2017-12-13 08:55 - 2016-03-18 16:34 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2017-12-13 08:48 - 2017-09-29 07:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-13 08:48 - 2016-09-24 16:13 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2017-12-13 05:43 - 2017-10-12 07:18 - 130448288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 05:43 - 2016-07-25 01:28 - 130448288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 05:42 - 2017-09-29 13:55 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-13 05:31 - 2017-09-22 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2017-12-13 05:31 - 2017-07-12 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2017-12-13 05:31 - 2017-04-29 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-12-13 05:31 - 2017-02-26 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-12-13 05:31 - 2016-09-24 16:13 - 000000000 ____D C:\Program Files\Realtek
2017-12-13 05:31 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\Microsoft Games
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\PerfLogs
2017-12-13 05:19 - 2017-09-29 07:31 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-13 05:07 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-12-13 05:06 - 2017-09-29 13:51 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-12-13 05:06 - 2017-09-29 13:51 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-12-13 05:06 - 2017-09-29 13:51 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-12-13 05:06 - 2017-09-29 13:50 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-12-13 05:06 - 2017-09-29 13:50 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-12-13 05:06 - 2017-09-29 13:50 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-12-13 05:06 - 2017-09-29 13:50 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-12-13 05:06 - 2017-09-29 13:49 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-12-13 05:06 - 2017-09-29 13:49 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-12-13 05:06 - 2017-09-29 13:49 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-12-13 05:04 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\OCR
2017-12-12 23:21 - 2017-08-12 19:35 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\discord
2017-12-12 23:20 - 2017-08-12 19:35 - 000000000 ____D C:\Users\IRSA\AppData\Local\Discord
2017-12-08 07:32 - 2017-09-29 18:03 - 000000000 ____D C:\Program Files\rempl

==================== Files in the root of some directories =======

2017-07-11 00:18 - 2017-07-11 00:18 - 000000128 ____H () C:\Users\IRSA\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2018-01-04 14:32 - 2017-09-29 13:49 - 000001060 _____ () C:\Users\IRSA\AppData\Roaming\oHyee
2017-09-29 13:49 - 2017-09-29 13:49 - 000001060 _____ () C:\Users\IRSA\AppData\Roaming\oHyee.bat
2017-11-17 21:20 - 2017-11-17 21:22 - 000102755 _____ () C:\Users\IRSA\AppData\Local\15DE.tmp
2017-11-17 22:01 - 2017-11-17 22:15 - 000087867 _____ () C:\Users\IRSA\AppData\Local\473.tmp
2017-11-25 21:24 - 2017-11-25 21:38 - 000097078 _____ () C:\Users\IRSA\AppData\Local\55CD.tmp
2017-02-19 22:04 - 2017-02-19 22:04 - 000053235 _____ () C:\Users\IRSA\AppData\Local\5B38.tmp
2017-01-11 16:41 - 2017-01-11 16:44 - 000115621 _____ () C:\Users\IRSA\AppData\Local\7265.tmp
2017-11-17 21:26 - 2017-11-17 22:00 - 000093472 _____ () C:\Users\IRSA\AppData\Local\7D0F.tmp
2018-01-04 14:32 - 2017-09-29 13:49 - 000174592 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\bycDTZwmu.exe
2017-01-09 15:51 - 2017-01-09 15:52 - 000021107 _____ () C:\Users\IRSA\AppData\Local\CC5.tmp
2016-04-23 12:52 - 2016-04-23 12:52 - 000003584 _____ () C:\Users\IRSA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-17 21:24 - 2017-11-17 21:25 - 000021107 _____ () C:\Users\IRSA\AppData\Local\DCF.tmp
2018-01-04 14:32 - 2017-09-29 13:49 - 000001133 _____ () C:\Users\IRSA\AppData\Local\IEeyIEesN
2017-09-29 13:49 - 2017-09-29 13:49 - 000001133 _____ () C:\Users\IRSA\AppData\Local\IEeyIEesN.bat
2018-01-04 14:32 - 2017-09-29 13:50 - 000059904 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\KwiEnIIuweUAh.exe
2016-12-01 18:56 - 2017-03-30 14:56 - 000000552 _____ () C:\Users\IRSA\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by IRSA (07-01-2018 13:50:51)
Running from C:\Users\IRSA\Desktop
Microsoft Windows 10 Home Version 1709 16299.125 (X86) (2017-12-13 07:13:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-514558421-1968590340-419934471-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-514558421-1968590340-419934471-503 - Limited - Disabled)
Guest (S-1-5-21-514558421-1968590340-419934471-501 - Limited - Disabled)
IRSA (S-1-5-21-514558421-1968590340-419934471-1000 - Administrator - Enabled) => C:\Users\IRSA
WDAGUtilityAccount (S-1-5-21-514558421-1968590340-419934471-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
4game (HKLM\...\4game) (Version: 3.6.2.257 - Innova Systems)
Active Directory Authentication Library for SQL Server (x86) (HKLM\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Auto Clicker v7.1 (HKLM\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 7.1 - MurGee.com)
auto-clicker 2.3.0 (HKLM\...\autoclicker_is1) (Version:  - )
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Auto-Keyboard 9.0 (HKLM\...\{CAE28200-F83E-4B83-8BEB-D8D6CA04883C}_is1) (Version:  - Auto-Keyboard)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Counter-Strike 2D 1.0.0.2 (HKLM\...\{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1) (Version:  - Unreal Software)
Counter-Strike Source version 3398447 (HKLM\...\{28659B67-FC49-49DB-9DAC-1AD52203D75A}_is1) (Version: 3398447 - Strogino CS Portal)
Crossout Launcher 1.0.3.18 (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\CrossOutLauncher_is1) (Version:  - )
Discord (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
Epic Games Launcher (HKLM\...\{818FF838-5FCD-4FCB-AE39-4F725EBCE2A1}) (Version: 1.1.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x86) (HKLM\...\{B633DAAD-9294-4C7D-A625-D5B741A8C2B6}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Growtopia) (Version:  - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.1.0.20 - IObit)
iSpring Free Cam 8 (HKLM\...\{9E6D2789-25C1-4884-ACAA-32F187F96410}) (Version: 8.3.15297 - iSpring Solutions Inc.)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 92 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Java(TM) SE Development Kit 6 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)
Launcher Prerequisites (x86) (HKLM\...\{ec50c375-be9a-4642-9b8c-86dcc42e39c3}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 SDK (HKLM\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{5FC4C5FD-75D0-43D5-B9A5-6FE208D12F7D}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30642.0 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.14.2 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{4B604E42-B6D7-4957-B5A5-CC7450D8E1EB}) (Version: 3.1238.1962 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount&Blade (HKLM\...\Mount&Blade) (Version:  - )
Mozilla Firefox 57.0 (x86 fi) (HKLM\...\Mozilla Firefox 57.0 (x86 fi)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera Stable 49.0.2725.64 (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
osu! (HKLM\...\{491298e5-b7b9-4ff0-be89-7e90ee7ca97c}) (Version: latest - ppy Pty Ltd)
PointBlank (HKLM\...\4game_pointblank) (Version:  - Innova Systems)
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Race Driver 2 (HKLM\...\{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}) (Version: 1.01.0000 - Codemasters) Hidden
Race Driver 2 (HKLM\...\InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}) (Version: 1.01.0000 - Codemasters)
Razer Imperator (HKLM\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Remote Mouse version 3.002 (HKLM\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Resource Hacker Version 4.5.30 (HKLM\...\ResourceHacker_is1) (Version:  - )
Roblox Player for IRSA (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Mouse Auto Clicker 4.0.2 (HKLM\...\{39062735-0291-4C52-919E-5A80BA98E8C2}_is1) (Version:  - Advanced Mouse Auto Clicker, Ltd.)
TeamSpeak 3 Client (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410C}) (Version: 21.0.12288 - WinZip Computing, S.L. )
X-Mouse Button Control 2.14 (HKLM\...\X-Mouse Button Control) (Version: 2.14 - Highresolution Enterprises)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-514558421-1968590340-419934471-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-01-04] ()
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2017-02-13] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2017-02-13] (WinZip Computing, S.L.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-01-04] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2017-02-13] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000321ED-BB20-4F48-BA52-93662F103CDD} - System32\Tasks\EKaxEAAejHaGH => C:\Users\IRSA\AppData\Local\KwiEnIIuweUAh.exe [2017-09-29] (Microsoft Corporation)
Task: {0ED32C5A-7B40-40F0-84CA-A434A6B7701F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {10B3CB18-CF5B-4C3A-ADA2-5409BB59B9E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {169F5015-1EE1-44D9-8BD7-49C0CD359231} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-04] (Google Inc.)
Task: {1BE04A92-E1E0-46B4-AB0D-2F4A6D3EC303} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-04] (Google Inc.)
Task: {1F724D2A-74F2-44A4-8DA5-F1D6E1135D15} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-13] (WinZip)
Task: {39420BA3-06CC-43FF-BF0E-DAFAB1CF8F1F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {399270DB-3046-4F48-80BC-E68420D44176} - System32\Tasks\Opera scheduled Autoupdate 1489668925 => C:\Users\IRSA\AppData\Local\Programs\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {40B80701-12D5-41E5-982F-54D9A9D2C14B} - System32\Tasks\Uninstaller_SkipUac_IRSA => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-01] (IObit)
Task: {47C8E398-AFA5-43EC-898D-6E241FB69B86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {56AB33E3-506F-4C8E-9DE6-D963DE95B91A} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {5A97A65C-9639-4776-8C69-BD0D88811524} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {60B18CF4-E4B7-4AEC-BB2B-33B88F67D757} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65CAE6F9-A6E9-4D94-B6AA-37DA4437EE7C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {66CC960A-E677-47A4-A7D3-5FB2BA24FDD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {741D2ADE-611B-44D1-A655-748CD8D64411} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8066235A-AE58-42F2-AA47-F68763B646E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8594DFD6-D4C0-42B7-BC7F-79575856DC92} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Counter-Strike 2D\Common7\IDE\VSIXAutoUpdate.exe
Task: {948D634A-64F0-4797-A491-27B3A05197AA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9EC09769-F7A0-47B8-870C-A8EC4F87CCBB} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2017-02-13] (WinZip Computing, S.L.)
Task: {A9F1F90B-DFD3-496A-8E1D-75C5CCC00DC3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AB469C48-5BFF-4A93-8B87-56191D9EA4C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ACAB7C8C-6F37-4333-8EC3-7DD359362517} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B194C29F-6888-4EAB-BDDB-EA5632C6A018} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {B3BECC35-5223-4579-99CD-763B8C0A7D8A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B9F4C524-6691-44CF-AC6D-105A84E7A4D5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C1477CF3-E9F6-40B8-B262-BF1C541712E0} - System32\Tasks\IaadxSIIBFEu => C:\WINDOWS\system32\zfcuFyAYWve.bat [2017-09-29] () <==== ATTENTION
Task: {CD83BA0D-EC71-4B98-9D25-C333BBBC26C7} - System32\Tasks\{9C53A8DB-2F59-45E0-A590-058D93183963} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe" -c  /uninstall
Task: {D413DE40-0325-403E-8AF6-C47C5C04D50C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-06] (AVAST Software)
Task: {D7C37F78-5896-413F-A446-AA407F60DD20} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DDFCF23C-6D77-4EEA-AD22-4CD4155ECFAB} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {DE84125C-23E4-44E3-8309-553BA10D7C80} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E48BCEBB-4157-428E-A2CA-A503C3F1FB65} - System32\Tasks\HaXyEsY => C:\WINDOWS\ybuhOEuyPZa.bat [2017-09-29] () <==== ATTENTION
Task: {FC094BF4-8095-4C76-BC4C-4A09767AF463} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job => C:\WINDOWS\vVX1000.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_IRSA.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\IRSA\Desktop\MapCycLe\AGIO\Одноклассники.lnk -> C:\Users\IRSA\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike\AMX Mod X\Documentation.lnk -> hxxp://wiki.tcwonline.org/index.php/Category:Documentation_%28AMX_Mod_X%2

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 13:49 - 2017-09-29 13:49 - 000149840 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-10-20 10:17 - 2015-10-20 10:17 - 000242176 _____ () C:\Program Files\4game\3.6.2.257\PocoUtil.dll
2015-10-20 10:18 - 2015-10-20 10:18 - 000714240 _____ () C:\Program Files\4game\3.6.2.257\PocoNet.dll
2015-10-20 10:16 - 2015-10-20 10:16 - 000394240 _____ () C:\Program Files\4game\3.6.2.257\PocoXML.dll
2016-08-11 17:41 - 2016-06-25 07:52 - 000018432 _____ () C:\Program Files\Remote Mouse\RemoteMouseService.exe
2016-03-12 18:39 - 2015-05-26 18:54 - 000152576 _____ () C:\Program Files\Remote Mouse\FileS.dll
2018-01-07 13:02 - 2017-11-29 09:11 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-07 13:02 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2016-03-28 20:07 - 2016-03-28 20:07 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-01-04 18:09 - 2018-01-04 18:09 - 000131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 007817728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001518592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-11 07:50 - 2017-07-11 07:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files\Skype\Phone\skypert.dll
2017-12-12 23:20 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 23:21 - 2017-12-12 23:21 - 001886712 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001773560 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-12 23:20 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 23:20 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-12 23:21 - 2017-12-12 23:21 - 009802232 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001505784 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 23:21 - 2017-12-12 23:21 - 000513016 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 23:21 - 2017-12-12 23:21 - 002662904 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001517048 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 23:22 - 2017-12-12 23:22 - 002749944 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2018-01-03 10:10 - 2018-01-03 10:10 - 000075264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 10:10 - 2018-01-03 10:10 - 000166400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 10:10 - 2018-01-03 10:10 - 017748992 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 10:10 - 2018-01-03 10:10 - 001784832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\skypert.dll
2018-01-04 15:11 - 2017-12-14 04:21 - 003062104 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2018-01-04 15:11 - 2017-12-14 04:21 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.108\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\sharepoint.com -> hxxps://eduvantaa-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2018-01-04 18:10 - 000002361 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-514558421-1968590340-419934471-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\IRSA\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{c593bda2-99e9-474c-bd85-f6ae8d21ddbc}.JPG
DNS Servers: 62.241.198.246 - 62.241.198.245
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "VX1000"
HKLM\...\StartupApproved\Run: => "LifeCam"
HKLM\...\StartupApproved\Run: => "MRT"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "Razer Imperator Driver"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C4446571-F1E3-4784-A612-798749D7DD11}] => (Allow) C:\Users\IRSA\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe
FirewallRules: [{09271E48-B79C-4E97-B6B8-12BA33A23D2E}] => (Allow) C:\Program Files\Steam\steamapps\common\SAS Zombie Assault 4\SAS4-Win.exe
FirewallRules: [{1CBE6266-6DA3-4B5C-9624-30363EB1BB7F}] => (Allow) C:\Program Files\Steam\steamapps\common\SAS Zombie Assault 4\SAS4-Win.exe
FirewallRules: [UDP Query User{65A78960-1B85-42AA-8E47-53D504302281}C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{669D8DDB-28A3-48F4-82EB-8F2DCCB8FF3F}C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{A5AE9FCD-A293-48B4-86CA-1EE0E0E9BD47}C:\users\irsa\appdata\local\crossout\launcher.exe] => (Allow) C:\users\irsa\appdata\local\crossout\launcher.exe
FirewallRules: [TCP Query User{057D3DAA-8EC6-4636-A1EF-8DB8F07C8D3D}C:\users\irsa\appdata\local\crossout\launcher.exe] => (Allow) C:\users\irsa\appdata\local\crossout\launcher.exe
FirewallRules: [{87B55D18-6B56-45E6-972F-1270EACBFFC6}] => (Allow) C:\Program Files\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{6C597BF7-E3AF-427E-8B5D-BC884F8C2400}] => (Allow) C:\Program Files\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [UDP Query User{7C073F53-4FCF-4C84-A207-60A705B463DF}C:\users\irsa\appdata\local\temp\rar$exa0.677\cs2d.exe] => (Allow) C:\users\irsa\appdata\local\temp\rar$exa0.677\cs2d.exe
FirewallRules: [TCP Query User{B5E21945-ECA8-48C4-A061-A116668D711F}C:\users\irsa\appdata\local\temp\rar$exa0.677\cs2d.exe] => (Allow) C:\users\irsa\appdata\local\temp\rar$exa0.677\cs2d.exe
FirewallRules: [{2AE83179-1BD1-4B4C-A71A-7AA0ECC25892}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{755A596F-B85C-4498-91EE-BC20A4DBBF7B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{76DBF9F3-8E15-4041-A710-3A5DA399612D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{56EF43B8-55A2-4C08-8067-2C151F28A761}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{5C8588F5-1DB0-4BFE-9353-A0890BBC1B3E}] => (Allow) C:\Users\IRSA\Desktop\PointBlank\PointBlank.exe
FirewallRules: [{D0B67361-C5A8-4CD8-B4C9-2F5E85010A13}] => (Allow) C:\Users\IRSA\Desktop\PointBlank\PointBlank.exe
FirewallRules: [{F858993A-A984-4E6F-8DCC-67CE38C16079}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{106C7294-5CBA-4DB1-B273-07755856625B}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [UDP Query User{06226776-F03E-4E89-BF47-B262D2479FED}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{D86E70F1-141B-4726-8CF7-13FD36775845}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{854CF225-125A-405F-8D4D-BA116796269F}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [TCP Query User{690FE2A3-FCA6-4DCD-876B-D22225874694}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [{2C5BD297-7BD2-4CA4-BBF7-70B6C768366F}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{542909FA-5D9E-48A3-B05F-289B0C5BE32A}] => (Allow) C:\Program Files\Nox\bin\Nox.exe
FirewallRules: [{C403C2F6-0B84-4DAA-92AB-B91E55B1C169}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{86C7AC6D-C249-41DD-AE0E-CBF60FB9D897}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{D5A3416F-38BB-40D4-B7CE-A54C80432F26}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{49DFB1F1-ABC6-4EE8-8D25-CE0D8A0EFD9F}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{360F3C00-B5B6-486C-B792-85D346575FFA}] => (Allow) C:\Program Files\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{AB70F8D8-1E61-4B97-864D-0662988E202F}] => (Allow) C:\Program Files\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{4F5ACB03-9E38-4CA0-B946-BF9E3B4A1B40}] => (Allow) C:\Program Files\Remote Mouse\RemoteMouse.exe
FirewallRules: [{52BD78FF-2FD8-44B6-9D7B-5CAC421644CF}] => (Allow) C:\Program Files\Remote Mouse\RemoteMouse.exe
FirewallRules: [{38BBEEE0-BAC1-45B5-8758-AA6C52CE962F}] => (Allow) C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BD32D8B3-EE3F-4049-B9B7-FF18A9E3B279}] => (Allow) C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5A5A0C13-FC25-4348-B22D-E08AAC98E6C8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6C6B8296-B9F6-4339-8F0C-EE8009C9C4F2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9F32B80E-07D7-461D-9450-EFCEB75F88A1}C:\counter-strike 2d\cs2d.exe] => (Block) C:\counter-strike 2d\cs2d.exe
FirewallRules: [TCP Query User{A15A7896-C386-4579-AF39-821D854561A2}C:\counter-strike 2d\cs2d.exe] => (Block) C:\counter-strike 2d\cs2d.exe
FirewallRules: [UDP Query User{3D2D18D0-849F-4E15-B8D7-2668303DADF8}C:\users\irsa\appdata\local\temp\rar$exa0.495\stickman\stickman.exe] => (Allow) C:\users\irsa\appdata\local\temp\rar$exa0.495\stickman\stickman.exe
FirewallRules: [TCP Query User{E8306369-7C7E-4E6C-A5B7-34C2511B2284}C:\users\irsa\appdata\local\temp\rar$exa0.495\stickman\stickman.exe] => (Allow) C:\users\irsa\appdata\local\temp\rar$exa0.495\stickman\stickman.exe
FirewallRules: [UDP Query User{9E615680-9004-4BB4-974A-F99774BD284D}C:\users\irsa\downloads\tools\steamcmd.exe] => (Allow) C:\users\irsa\downloads\tools\steamcmd.exe
FirewallRules: [TCP Query User{E1A2F052-733F-4DB5-9240-D36C6D7AD6E2}C:\users\irsa\downloads\tools\steamcmd.exe] => (Allow) C:\users\irsa\downloads\tools\steamcmd.exe
FirewallRules: [UDP Query User{025218B5-5EA4-4227-93B8-75C8645111B7}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{345A8E3B-3D75-4D57-A724-E397823AFFE6}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [{30C450CF-6735-4F5E-8D97-A3FE821BC550}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CE7414D0-AB53-4B71-8E15-02C880A082B2}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6299DB5A-AFE1-4FCF-8A97-2E1BEEFC4114}] => (Allow) C:\Games\PointBlank\PointBlank.exe
FirewallRules: [{BA8ABF5C-1E37-4918-A524-AD07830F2690}] => (Allow) C:\Games\PointBlank\PointBlank.exe
FirewallRules: [UDP Query User{743CB00E-768B-48B6-9076-C2D0FD213C0E}C:\counter-strike 2d\counterstrike2d.exe] => (Block) C:\counter-strike 2d\counterstrike2d.exe
FirewallRules: [TCP Query User{C5E6D60E-FDED-4FF6-B960-1747DE5AD1ED}C:\counter-strike 2d\counterstrike2d.exe] => (Block) C:\counter-strike 2d\counterstrike2d.exe
FirewallRules: [UDP Query User{89261A25-649E-4E6F-9F6B-CF3A78BA0674}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Block) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{BCB71659-A796-450A-AFD4-35EBB8D0D61F}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Block) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [{F7239F5B-6CE6-488B-AF84-52DF11ED9E82}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{770C36B0-4529-4A62-B9C8-184627E7EB4D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{C1591299-BD7C-4F9A-BE4D-5B98030C2967}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{6BBA636A-9482-47C5-829B-7ADEE3238BF6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{ED9B548B-8CCF-47DC-8EDA-BFD456B3422F}C:\counter-strike\hl.exe] => (Block) C:\counter-strike\hl.exe
FirewallRules: [TCP Query User{12C70D47-1959-4AA8-A473-D3FE39067183}C:\counter-strike\hl.exe] => (Block) C:\counter-strike\hl.exe
FirewallRules: [UDP Query User{6E9269C7-58CF-4E09-B689-EB5B77E3C7C2}C:\users\irsa\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\irsa\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{DBE92195-166D-4314-83CE-D0CB8A35DE00}C:\users\irsa\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\irsa\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{1F3A7E7B-7E8F-4CB4-9A90-39BD4F5A4854}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{58452F0F-5BE3-4BCB-A1CC-CEC7B0B05089}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{32EAA4CB-32BC-41BC-A56B-29F94FA135E2}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{DD7A7822-5A1A-4F3F-944F-15A8D67F1FFF}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{3E678333-E603-445D-B303-23ECF35992F2}C:\counter-strike 2d\counterstrike2d.exe] => (Allow) C:\counter-strike 2d\counterstrike2d.exe
FirewallRules: [UDP Query User{4C4853F3-B74B-4AFB-9FFC-BBDA24FC849E}C:\counter-strike 2d\counterstrike2d.exe] => (Allow) C:\counter-strike 2d\counterstrike2d.exe
FirewallRules: [TCP Query User{4FBCACB9-D4A0-4FFD-A1A1-BFD2EE186B8D}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{DDD23182-076C-4C91-978D-83AF897844CA}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{636F0C87-242F-47AA-9CBC-B0E8196C0057}C:\program files\remote mouse\remotemouse.exe] => (Block) C:\program files\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{C77CAA59-E318-409E-AC70-E7D81DBD1680}C:\program files\remote mouse\remotemouse.exe] => (Block) C:\program files\remote mouse\remotemouse.exe
FirewallRules: [{DA374C25-93E7-482C-98F0-0AF85C43C528}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{1FDA8B24-A939-46D8-AB0A-25BEA93EF1B1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{8D14F797-771C-450D-B207-108F1ED1A8A1}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{A6514848-7133-466E-B7A0-FB0AD7986FCE}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{DF110073-8233-4F08-93AA-E19B7023F8EE}] => (Allow) C:\Users\IRSA\AppData\Local\Programs\Opera\49.0.2725.64\opera.exe
FirewallRules: [{260479D7-75D6-4606-8FFA-EEBFE2E82F76}] => (Allow) C:\Users\IRSA\Desktop\MapCycLe\PointBlank\PointBlank.exe
FirewallRules: [{0F272B18-A41C-477D-84C5-38CC51E80DEE}] => (Allow) C:\Users\IRSA\Desktop\MapCycLe\PointBlank\PointBlank.exe
FirewallRules: [TCP Query User{CD26583C-EAC1-4D83-8EFC-4B2F3166D368}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [UDP Query User{EB0B887E-744A-4ECD-BC47-6F5AE010A929}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [{4FB442C4-026E-4097-9F52-FFDEC1B33263}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{131DB3AB-C50D-4C3A-A93A-D9BA65F7EA35}] => (Allow) C:\Program Files\Steam\steamapps\common\CS2D\CS2D.exe
FirewallRules: [{3336D7EF-1AE6-4C4D-B929-CA318D525C19}] => (Allow) C:\Program Files\Steam\steamapps\common\CS2D\CS2D.exe

==================== Restore Points =========================

04-01-2018 14:03:17 Scheduled Checkpoint
05-01-2018 21:51:51 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2018 10:28:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 1299ef7b-50b3-431e-9f1f-db86e93424a0
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: bd3316bd-ff0c-408d-90e0-d5fa48138b49
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 9ae29782-3d0d-473e-85cf-523834325b7c
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 826dfb49-fd29-41e3-8b50-59ea59b11557
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 5c346a5d-1087-4835-be6a-d03b5a68abd7
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 26039bfa-de18-45a8-8571-f57ee9c8a3e1
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: d491d7fd-ef24-4e1c-bc47-bc0d4cc200a9
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x12834372
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 654b240c-aca1-464c-b14e-0d351509c02e
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2018 07:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 319811614.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0xa7c
Faulting application start time: 0x01d38713c04ac5e1
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-2DBKN.tmp\319811614.exe
Faulting module path: unknown
Report Id: 6416c213-0246-4b6f-a396-3557d461728e
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2018 07:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 319811614.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0xa7c
Faulting application start time: 0x01d38713c04ac5e1
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-2DBKN.tmp\319811614.exe
Faulting module path: unknown
Report Id: 4af50f5c-27cb-4b02-afde-5ea731ed353a
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (01/07/2018 01:46:55 PM) (Source: DCOM) (EventID: 10016) (User: IRSA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user IRSA-PC\IRSA SID (S-1-5-21-514558421-1968590340-419934471-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/07/2018 01:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (01/07/2018 01:40:53 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: prodrv06.sys

Error: (01/07/2018 12:51:13 PM) (Source: DCOM) (EventID: 10010) (User: IRSA-PC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/07/2018 12:36:14 PM) (Source: DCOM) (EventID: 10016) (User: IRSA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user IRSA-PC\IRSA SID (S-1-5-21-514558421-1968590340-419934471-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/07/2018 12:32:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading

Error: (01/07/2018 12:32:04 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: prodrv06.sys

Error: (01/07/2018 12:31:19 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: prodrv06.sys

Error: (01/07/2018 12:32:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:12:09 PM on ‎1/‎7/‎2018 was unexpected.

Error: (01/07/2018 11:50:03 AM) (Source: DCOM) (EventID: 10016) (User: IRSA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user IRSA-PC\IRSA SID (S-1-5-21-514558421-1968590340-419934471-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2018-01-07 13:02:32.017
  Description: N/A

  Date: 2018-01-04 18:33:48.566
  Description: N/A


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 245 Processor
Percentage of memory in use: 61%
Total physical RAM: 3327.28 MB
Available physical RAM: 1280.05 MB
Total Virtual: 6655.28 MB
Available Virtual: 3914.67 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:685.49 GB) (Free:536.33 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.61 GB) (Free:1.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (M&B GM) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A6F7C060)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=685.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018
Ran by IRSA (administrator) on IRSA-PC (07-01-2018 13:48:56)
Running from C:\Users\IRSA\Desktop
Loaded Profiles: IRSA (Available Profiles: IRSA & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1709 16299.125 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Innova Co S.a r.l.) C:\Program Files\4game\3.6.2.257\4game-service.exe
() C:\Program Files\Remote Mouse\RemoteMouseService.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(RemoteMouse.net) C:\Program Files\Remote Mouse\RemoteMouseCore.exe
(RemoteMouse.net) C:\Program Files\Remote Mouse\RemoteMouse.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Discord Inc.) C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Discord Inc.) C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [130448288 2017-12-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2312824 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Razer Imperator Driver] => C:\Program Files\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1150488 2016-09-25] (Highresolution Enterprises)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02] (Logitech, Inc.)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7045848 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [Discord] => C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Run: [MurGee.com Auto Clicker] => C:\Users\IRSA\Desktop\install\Auto Clicker\AutoClicker.exe [128160 2017-12-24] (MurGee.com)
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\MountPoints2: {80c2d260-51e0-11e6-b81e-806e6f6e6963} - "E:\Autorun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-03-16]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-03-16]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.241.198.246 62.241.198.245
Tcpip\..\Interfaces\{770a0e7d-4e93-48e6-9cd0-21d13228c82d}: [DhcpNameServer] 62.241.198.246 62.241.198.245

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-514558421-1968590340-419934471-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-514558421-1968590340-419934471-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={880B23DF-C5A9-4566-9AA6-845122901CED}&mid=f12e4678c92847cc80a8b57816a551fc-72f28fcfded09090e0f734e4a3cd1fda34fcadd0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816av&pr=fr&d=2016-02-19 18:09:52&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-514558421-1968590340-419934471-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_92-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3yre5jmi.default
FF ProfilePath: C:\Users\IRSA\AppData\Roaming\Mozilla\Firefox\Profiles\3yre5jmi.default [2018-01-07]
FF user.js: detected! => C:\Users\IRSA\AppData\Roaming\Mozilla\Firefox\Profiles\3yre5jmi.default\user.js [2016-03-06]
FF Homepage: Mozilla\Firefox\Profiles\3yre5jmi.default -> hxxps://inline.go.mail.ru/homepage?inline_comp=hp&inline_hp_cnt=11956636
FF NewTab: Mozilla\Firefox\Profiles\3yre5jmi.default -> about:newtab
FF NewTabOverride: Mozilla\Firefox\Profiles\3yre5jmi.default -> Enabled: homepage@mail.ru
FF SearchPlugin: C:\Users\IRSA\AppData\Roaming\Mozilla\Firefox\Profiles\3yre5jmi.default\searchplugins\avg-secure-search.xml [2016-07-22]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-02-26] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-01-07]
FF Plugin: @4game.com/plugin -> C:\Program Files\4game\3.6.2.257\npplugin4game.dll [2017-10-17] (Innova Co S.a r.l.)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\WINDOWS\system32\npdeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-04] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default [2018-01-07]
CHR Extension: (Slides) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-04]
CHR Extension: (Docs) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-04]
CHR Extension: (Google Drive) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-04]
CHR Extension: (YouTube) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-04]
CHR Extension: (Sheets) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-04]
CHR Extension: (AdBlock) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-04]
CHR Extension: (Gmail) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\IRSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Tampermonkey) - C:\Users\IRSA\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-04]
OPR Extension: (ScriptGate) - C:\Users\IRSA\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-01-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 4game-service; C:\Program Files\4game\3.6.2.257\4game-service.exe [1686008 2017-10-17] (Innova Co S.a r.l.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [1288712 2017-07-01] ()
S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [472856 2018-01-04] (McAfee, Inc.)
R2 RemoteMouseService; C:\Program Files\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279408 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86696 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [70312 2012-12-28] (Advanced Micro Devices)
R0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [22184 2012-12-28] (Advanced Micro Devices)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [158224 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [255584 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157376 2017-12-22] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276696 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50344 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [118144 2017-12-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42824 2017-12-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124408 2017-12-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [99528 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70832 2017-12-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783104 2017-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [390272 2017-12-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [151328 2017-12-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [294680 2017-12-22] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-29] ()
S3 Frost_10_17_0_11; C:\Users\IRSA\Desktop\MapCycLe\PointBlank\frost\frost.sys [80432 2017-07-22] (Innova)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [38416 2015-06-18] (Logitech, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [168376 2018-01-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [91576 2018-01-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [40376 2018-01-07] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [221112 2018-01-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [75712 2018-01-07] (Malwarebytes)
R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [88448 2017-02-14] (McAfee, Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo_0061.sys [37920 2016-03-26] (SoftEther Corporation)
S3 Neo_VPN2; C:\WINDOWS\System32\DRIVERS\Neo_0012.sys [37920 2016-03-26] (SoftEther Corporation)
S1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology) [File not signed]
R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
R0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2017-09-29] (Realtek )
R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 VX1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37440 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [253848 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98200 2017-09-29] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-01-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-01-04] (Zemana Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-07 13:48 - 2018-01-07 13:49 - 000018910 _____ C:\Users\IRSA\Desktop\FRST.txt
2018-01-07 13:48 - 2018-01-07 13:48 - 001753600 _____ (Farbar) C:\Users\IRSA\Desktop\FRST.exe
2018-01-07 13:48 - 2018-01-07 13:48 - 000000000 ____D C:\FRST
2018-01-07 13:42 - 2018-01-07 13:42 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-07 13:02 - 2018-01-07 13:42 - 000091576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-07 13:02 - 2018-01-07 13:42 - 000075712 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-07 13:02 - 2018-01-07 13:42 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-07 13:02 - 2018-01-07 13:02 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-07 13:02 - 2018-01-07 13:02 - 000168376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-07 13:02 - 2018-01-07 13:02 - 000002099 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 13:02 - 2018-01-07 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 13:02 - 2018-01-07 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-07 13:02 - 2017-11-29 09:11 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2018-01-07 13:01 - 2018-01-07 13:02 - 083316440 _____ (Malwarebytes ) C:\Users\IRSA\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2018-01-07 12:46 - 2018-01-07 12:46 - 000688992 ____R (Swearware) C:\Users\IRSA\Downloads\dds.com
2018-01-07 12:31 - 2018-01-07 12:31 - 443388224 _____ C:\WINDOWS\MEMORY.DMP
2018-01-05 18:48 - 2018-01-05 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto-Keyboard 9.0
2018-01-05 18:48 - 2018-01-05 18:48 - 000000000 ____D C:\Program Files\AutoKeyboard90
2018-01-05 18:47 - 2018-01-05 18:48 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\GetRightToGo
2018-01-05 18:46 - 2018-01-05 18:46 - 000367904 _____ (RegNow.com) C:\Users\IRSA\Downloads\Download_autokeyboardsetup.exe
2018-01-05 18:21 - 2018-01-05 18:21 - 000044093 _____ C:\Users\IRSA\Downloads\AutoKeyClicker v1.2.3.zip
2018-01-05 18:21 - 2018-01-05 18:21 - 000000000 ____D C:\Users\IRSA\AppData\Local\lolStudios
2018-01-05 18:19 - 2018-01-05 18:19 - 000534851 _____ C:\Users\IRSA\Downloads\Autosofted_Auto_Mouse_Clicker1.7.rar
2018-01-05 18:18 - 2018-01-05 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Mouse Auto Clicker
2018-01-05 18:18 - 2018-01-05 18:18 - 000000000 ____D C:\Program Files\Super Mouse Auto Clicker
2018-01-05 18:17 - 2018-01-05 18:39 - 000001028 _____ C:\Users\IRSA\Desktop\auto-clicker.lnk
2018-01-05 18:17 - 2018-01-05 18:18 - 000692402 _____ (Advanced Mouse Auto Clicker, Ltd. ) C:\Users\IRSA\Downloads\SuperMouseAutoClickerSetup.exe
2018-01-05 18:17 - 2018-01-05 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\auto-clicker
2018-01-05 18:17 - 2018-01-05 18:17 - 000000000 ____D C:\Program Files\auto-clicker
2018-01-05 18:16 - 2018-01-05 18:16 - 001031608 _____ ( ) C:\Users\IRSA\Downloads\setup (7).exe
2018-01-05 18:14 - 2018-01-05 18:14 - 000783175 _____ C:\Users\IRSA\Downloads\OP Auto Clicker 2.1.exe
2018-01-05 18:13 - 2018-01-05 18:13 - 001704323 _____ ( ) C:\Users\IRSA\Downloads\OP Auto Clicker 2.1_2853322528.exe
2018-01-05 18:08 - 2018-01-05 18:08 - 000848536 _____ (MurGee.com ) C:\Users\IRSA\Downloads\setup (6).exe
2018-01-05 18:08 - 2018-01-05 18:08 - 000000000 ____D C:\Users\IRSA\Desktop\install
2018-01-05 14:34 - 2018-01-05 14:34 - 000012447 _____ C:\Users\IRSA\Downloads\toimeentulotukihakemus.pdf
2018-01-05 13:15 - 2018-01-05 13:15 - 008783235 _____ C:\Users\IRSA\Downloads\Untitled_Message (1).zip
2018-01-05 12:16 - 2018-01-05 12:17 - 000088688 _____ C:\Users\IRSA\Downloads\kela (45).pdf
2018-01-04 23:52 - 2018-01-04 23:52 - 000444952 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2018-01-04 23:52 - 2018-01-04 23:52 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2018-01-04 23:52 - 2018-01-04 23:52 - 000000000 ____D C:\Program Files\OpenAL
2018-01-04 23:27 - 2018-01-04 23:27 - 000000216 _____ C:\Users\IRSA\Desktop\CS2D.url
2018-01-04 18:31 - 2018-01-04 18:31 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-04 18:30 - 2018-01-04 18:31 - 083316440 _____ (Malwarebytes ) C:\Users\IRSA\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-04 18:10 - 2018-01-04 18:14 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-04 18:09 - 2018-01-07 13:49 - 000053627 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-04 18:09 - 2018-01-07 13:49 - 000024270 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-04 18:09 - 2018-01-04 18:09 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2018-01-04 18:09 - 2018-01-04 18:09 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2018-01-04 18:09 - 2018-01-04 18:09 - 000001963 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-01-04 18:09 - 2018-01-04 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-04 18:09 - 2018-01-04 18:09 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2018-01-04 18:08 - 2018-01-04 18:08 - 006625600 _____ (Zemana Ltd. ) C:\Users\IRSA\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-04 18:08 - 2018-01-04 18:08 - 000000000 ____D C:\Users\IRSA\AppData\Local\Zemana
2018-01-04 15:12 - 2018-01-04 15:12 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Google
2018-01-04 15:11 - 2018-01-04 15:11 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 15:11 - 2018-01-04 15:11 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-04 14:32 - 2018-01-04 14:42 - 000000000 ____D C:\Users\IRSA\AppData\Local\Go!
2018-01-04 14:32 - 2017-09-29 13:50 - 000059904 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\KwiEnIIuweUAh.exe
2018-01-04 14:32 - 2017-09-29 13:49 - 000174592 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\bycDTZwmu.exe
2018-01-04 14:32 - 2017-09-29 13:49 - 000001133 _____ C:\Users\IRSA\AppData\Local\IEeyIEesN
2018-01-04 14:32 - 2017-09-29 13:49 - 000001060 _____ C:\Users\IRSA\AppData\Roaming\oHyee
2018-01-04 14:32 - 2017-09-29 13:49 - 000000067 _____ C:\WINDOWS\ybuhOEuyPZa
2018-01-04 14:32 - 2017-09-29 13:49 - 000000065 _____ C:\WINDOWS\system32\zfcuFyAYWve
2018-01-04 14:30 - 2018-01-04 14:30 - 000000469 _____ C:\Users\IRSA\Downloads\R8_NON-STEAM_IMPK_GFP9U4.torrent
2018-01-04 14:24 - 2018-01-04 14:24 - 010303699 _____ C:\Users\IRSA\Downloads\Чит R8 CS 1.6 .rar
2018-01-04 14:18 - 2018-01-04 14:48 - 000000000 ____D C:\Users\IRSA\AppData\LocalLow\uTorrent
2018-01-04 14:17 - 2018-01-04 14:17 - 000000499 _____ C:\Users\IRSA\Downloads\R8_NON-STEAM_CHEETAH_2.1_KBDYGN.torrent
2018-01-02 09:26 - 2018-01-02 09:26 - 000088688 _____ C:\Users\IRSA\Downloads\kela (44).pdf
2018-01-01 20:13 - 2018-01-01 20:13 - 000001401 _____ C:\Users\Public\Desktop\Counter-Strike Source.lnk
2018-01-01 20:13 - 2018-01-01 20:13 - 000001351 _____ C:\Users\Public\Desktop\Updating Counter-Strike Source.lnk
2018-01-01 19:50 - 2018-01-01 19:51 - 052921360 _____ C:\Users\IRSA\Downloads\GrowtopiaInstaller (13).exe
2018-01-01 18:16 - 2018-01-01 18:16 - 000143695 _____ C:\Users\IRSA\Downloads\def_knife_rainbow.rar
2017-12-31 11:23 - 2017-12-31 11:23 - 000499402 _____ C:\Users\IRSA\Downloads\LIS_9499759.pdf
2017-12-31 11:22 - 2017-12-31 11:22 - 000393210 _____ C:\Users\IRSA\Downloads\LIS_9727013 (2).pdf
2017-12-30 11:11 - 2017-12-30 11:11 - 000088688 _____ C:\Users\IRSA\Downloads\kela (43).pdf
2017-12-29 15:15 - 2017-12-29 15:15 - 000090587 _____ C:\Users\IRSA\Downloads\kela (42).pdf
2017-12-29 15:14 - 2017-12-29 15:14 - 000088688 _____ C:\Users\IRSA\Downloads\kela (41).pdf
2017-12-29 15:14 - 2017-12-29 15:14 - 000088688 _____ C:\Users\IRSA\Downloads\kela (40).pdf
2017-12-27 15:18 - 2018-01-01 19:51 - 000001140 _____ C:\Users\IRSA\Desktop\Growtopia.lnk
2017-12-27 15:18 - 2017-12-27 15:18 - 052739224 _____ C:\Users\IRSA\Downloads\GrowtopiaInstaller (12).exe
2017-12-26 19:36 - 2017-12-26 19:36 - 000090776 _____ C:\Users\IRSA\Downloads\kela (39).pdf
2017-12-26 19:35 - 2017-12-26 19:35 - 000083422 _____ C:\Users\IRSA\Downloads\kela (38).pdf
2017-12-26 19:34 - 2017-12-26 19:34 - 000089983 _____ C:\Users\IRSA\Downloads\kela (37).pdf
2017-12-26 19:27 - 2017-12-26 19:27 - 003225838 _____ C:\Users\IRSA\Downloads\Untitled_Message.zip
2017-12-23 13:20 - 2018-01-04 16:34 - 000000000 ___RD C:\Users\IRSA\Desktop\MapCycLe
2017-12-22 07:05 - 2017-12-22 07:05 - 000305840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-22 07:05 - 2017-12-22 07:05 - 000118144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-12-16 22:06 - 2017-12-16 22:30 - 000000000 ____D C:\Users\IRSA\Documents\Mount&Blade Savegames
2017-12-16 22:03 - 2017-12-17 18:16 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Mount&Blade
2017-12-16 22:03 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-12-16 22:03 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-12-16 22:03 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-12-16 22:03 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-12-16 22:03 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-12-16 22:03 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-12-16 22:03 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-12-16 22:03 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-12-16 22:03 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-12-16 22:03 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-12-16 22:03 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-12-16 22:03 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-12-16 22:03 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-12-16 22:03 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-12-16 22:03 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-12-16 22:03 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-12-16 22:03 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-12-16 22:03 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-12-16 22:03 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-12-16 22:03 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-12-16 22:03 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-12-16 22:03 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-12-16 22:03 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-12-16 22:03 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-12-16 22:03 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-12-16 22:03 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-12-16 22:03 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-12-16 22:03 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-12-16 22:03 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-12-16 22:03 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-12-16 22:03 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-12-16 22:03 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-12-16 22:03 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-12-16 22:03 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-12-16 22:03 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-12-16 22:03 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-12-16 22:03 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-12-16 22:03 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-12-16 22:03 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-12-16 22:03 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-12-16 22:02 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-12-16 22:02 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-12-16 22:02 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-12-16 22:02 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-12-16 22:02 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-12-16 22:02 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-12-16 22:02 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-12-16 22:02 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-12-16 22:02 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-12-16 22:02 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-12-16 22:02 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-12-16 22:02 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-12-16 22:01 - 2017-12-16 22:01 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2017-12-16 22:00 - 2017-12-16 22:05 - 000000000 ____D C:\Program Files\Mount&Blade
2017-12-16 21:32 - 2017-12-16 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2017-12-16 21:32 - 2017-12-16 21:32 - 000000000 ____D C:\Program Files\InstallShield Installation Information
2017-12-16 21:23 - 2017-12-16 21:23 - 000000000 ____D C:\Program Files\Codemasters
2017-12-15 18:44 - 2017-12-15 18:44 - 000000000 ____D C:\Users\IRSA\AppData\Local\DBG
2017-12-13 18:21 - 2017-12-13 18:21 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-12-13 09:17 - 2017-12-13 09:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-13 09:15 - 2017-12-13 09:15 - 000000000 ___HD C:\Users\IRSA\MicrosoftEdgeBackups
2017-12-13 09:14 - 2017-12-13 09:14 - 000000000 ___RD C:\Users\IRSA\3D Objects
2017-12-13 09:13 - 2017-12-13 09:13 - 009497600 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2017-12-13 09:13 - 2017-12-13 09:13 - 000000020 ___SH C:\Users\IRSA\ntuser.ini
2017-12-13 09:12 - 2018-01-07 13:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-13 09:10 - 2017-12-13 09:12 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-12-13 09:10 - 2017-12-13 09:12 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-12-13 08:58 - 2017-12-13 08:58 - 000000000 ____D C:\ProgramData\USOShared
2017-12-13 08:57 - 2017-12-13 08:57 - 000001487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-12-13 08:55 - 2017-12-14 13:11 - 000000000 ____D C:\Users\IRSA\AppData\Local\Packages
2017-12-13 08:54 - 2018-01-07 13:14 - 000000000 ____D C:\Users\IRSA
2017-12-13 08:54 - 2017-12-13 18:21 - 000000000 ____D C:\Users\DefaultAppPool
2017-12-13 08:49 - 2017-12-16 21:41 - 001010238 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-13 08:48 - 2017-12-13 08:48 - 000000202 ____H C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
2017-12-13 08:47 - 2018-01-07 13:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-13 08:46 - 2017-12-16 21:35 - 000385984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 05:32 - 2017-12-22 07:05 - 000783104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000390272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000294680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000276696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000255584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000158224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000157376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000151328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000124408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000099528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000070832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000050344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-12-13 05:32 - 2017-12-22 07:05 - 000042824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-12-13 05:31 - 2017-12-13 05:31 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-12-13 05:30 - 2017-12-13 18:43 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-12-13 05:25 - 2017-12-13 05:30 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-12-13 05:18 - 2017-12-13 05:18 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 006403480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 004937224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 004145488 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002491112 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002342400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002315776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002247168 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002116504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 002062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 002022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001995672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001982976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001959424 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001859584 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 001851288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001771008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001336544 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-12-13 05:17 - 2017-12-13 05:17 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000973648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000817152 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000717464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswstr10.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000612736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000608664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000538760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000535448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000530152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000508848 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000499608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000478616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000456232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000454040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000445336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000434072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-12-13 05:17 - 2017-12-13 05:17 - 000414824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000368536 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000368536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000353176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000337304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 05:17 - 2017-12-13 05:17 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000322968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000300952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000295488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000278936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000271768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000253144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000233368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000213840 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000167832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000166632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000155544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000142640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000131992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000116120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000108480 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscript.ocx
2017-12-13 05:17 - 2017-12-13 05:17 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000075776 _____ C:\WINDOWS\system32\runexehelper.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000065432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000049560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000043416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 05:17 - 2017-12-13 05:17 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000038296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-13 05:17 - 2017-12-13 05:17 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint40.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\WINDOWS\system32\msmq
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\Program Files\MSBuild
2017-12-13 05:07 - 2017-12-13 05:07 - 000000000 ____D C:\inetpub
2017-12-13 05:05 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-12-13 05:05 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-12-13 05:05 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-12-13 05:03 - 2017-09-28 20:54 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-12-13 05:03 - 2017-09-28 18:50 - 014014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-12-13 05:03 - 2017-09-28 18:46 - 000375296 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-12-13 05:03 - 2017-09-28 18:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-12-13 05:03 - 2017-09-28 18:44 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-12-13 05:03 - 2017-09-28 18:41 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2017-12-13 05:03 - 2017-09-28 18:40 - 003657216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-12-13 05:03 - 2017-09-28 18:40 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2017-12-13 05:03 - 2017-09-28 18:38 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-12-13 05:03 - 2017-09-28 18:37 - 004550144 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-12-13 05:03 - 2017-09-28 18:35 - 002216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-12-13 05:03 - 2017-09-28 18:35 - 001496064 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-12-13 05:03 - 2017-09-28 18:35 - 000921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-12-13 05:03 - 2017-09-28 18:34 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-12-13 05:03 - 2017-09-28 18:34 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-12-13 05:03 - 2017-09-28 18:34 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-12-13 05:03 - 2017-09-28 18:34 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-12-13 05:03 - 2017-09-28 18:31 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-12-13 05:02 - 2017-09-28 18:44 - 008628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0019.dll
2017-12-13 05:01 - 2017-09-28 18:44 - 008071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm000b.dll
2017-12-13 04:42 - 2017-12-13 04:42 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-11 04:31 - 2017-12-14 15:54 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-09 23:59 - 2017-12-09 23:59 - 004466282 _____ C:\Users\IRSA\Downloads\bo-ak47.rar
2017-12-09 23:58 - 2017-12-09 23:58 - 009941158 _____ C:\Users\IRSA\Downloads\d16rs_edisleado_upd4_2 (1).rar
2017-12-09 23:58 - 2017-12-09 23:58 - 005541663 _____ C:\Users\IRSA\Downloads\hltv_weapon_models (2).rar
2017-12-09 23:57 - 2017-12-09 23:57 - 009941158 _____ C:\Users\IRSA\Downloads\d16rs_edisleado_upd4_2.rar
2017-12-09 23:56 - 2017-12-09 23:56 - 016740215 _____ C:\Users\IRSA\Downloads\ts_default_weapon_retex (1).rar
2017-12-09 23:55 - 2017-12-09 23:55 - 016740215 _____ C:\Users\IRSA\Downloads\ts_default_weapon_retex.rar
2017-12-09 23:54 - 2017-12-09 23:54 - 003918687 _____ C:\Users\IRSA\Downloads\hd_models_3 (1).rar
2017-12-09 23:43 - 2017-12-09 23:43 - 007545482 _____ C:\Users\IRSA\Downloads\csgo_fiveseven_skins.rar
2017-12-09 23:41 - 2017-12-09 23:41 - 004413209 _____ C:\Users\IRSA\Downloads\mp5_akoben.rar
2017-12-09 23:41 - 2017-12-09 23:41 - 004413209 _____ C:\Users\IRSA\Downloads\mp5_akoben (1).rar
2017-12-09 23:39 - 2017-12-09 23:39 - 002012739 _____ C:\Users\IRSA\Downloads\default_ak-47_jaguar.rar
2017-12-09 23:37 - 2017-12-09 23:37 - 001386035 _____ C:\Users\IRSA\Downloads\default_m4a1-s_golden_coil_fb251.rar
2017-12-09 23:27 - 2017-12-09 23:27 - 007509102 _____ C:\Users\IRSA\Downloads\csgo_huntsman_knife_ade46.7z

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-07 13:45 - 2016-02-20 14:11 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Skype
2018-01-07 13:41 - 2016-06-04 22:35 - 000000000 ____D C:\Program Files\McAfee
2018-01-07 12:32 - 2016-11-28 14:42 - 000000280 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_IRSA.job
2018-01-07 12:13 - 2017-09-29 13:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-07 09:37 - 2017-05-12 13:24 - 000000000 ____D C:\Program Files\Steam
2018-01-06 18:33 - 2016-02-19 15:12 - 000000000 ____D C:\Users\IRSA\AppData\Local\Growtopia
2018-01-06 08:51 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-06 05:44 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-05 18:14 - 2016-06-04 22:35 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-01-05 18:14 - 2016-06-04 22:27 - 000000000 ____D C:\ProgramData\McAfee
2018-01-05 18:08 - 2017-07-21 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2018-01-05 15:13 - 2016-05-15 14:57 - 000000000 ____D C:\Program Files\Common Files\Steam
2018-01-05 09:44 - 2017-09-29 13:52 - 000000000 ____D C:\WINDOWS\INF
2018-01-05 09:44 - 2016-02-20 13:52 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\uTorrent
2018-01-05 07:30 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-05 07:29 - 2017-09-29 13:55 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-04 23:27 - 2017-01-02 17:14 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-01-04 19:15 - 2017-08-31 13:59 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2018-01-04 19:15 - 2017-07-18 13:57 - 000000000 ____D C:\Program Files\WinZip Registry Optimizer
2018-01-04 19:15 - 2017-03-16 14:57 - 000000000 ____D C:\ProgramData\WinZip
2018-01-04 19:15 - 2017-03-16 14:53 - 000000000 ____D C:\Program Files\ByteFence
2018-01-04 19:15 - 2016-03-23 16:03 - 000000000 ____D C:\Program Files\Amazon
2018-01-04 19:14 - 2017-09-29 07:31 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-04 19:11 - 2016-03-28 23:22 - 000000000 ____D C:\Users\IRSA\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2018-01-04 18:47 - 2017-08-31 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2018-01-04 18:47 - 2016-07-16 10:29 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-04 18:07 - 2017-03-07 07:25 - 000000000 ____D C:\Users\IRSA\AppData\LocalLow\Mozilla
2018-01-04 15:11 - 2016-12-20 19:19 - 000000000 ____D C:\Users\IRSA\AppData\Local\Google
2018-01-04 15:11 - 2016-02-17 17:10 - 000000000 ____D C:\Program Files\Google
2018-01-04 14:54 - 2016-06-04 22:28 - 000000000 ____D C:\Users\IRSA\AppData\Local\Unity
2018-01-03 12:09 - 2016-02-17 14:26 - 000000000 ____D C:\Users\IRSA\AppData\Local\ElevatedDiagnostics
2018-01-03 10:06 - 2017-09-29 07:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-23 16:40 - 2016-11-12 14:28 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\TS3Client
2017-12-22 09:47 - 2017-06-30 13:59 - 000001357 _____ C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-12-22 07:06 - 2017-06-06 22:21 - 000055160 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-16 11:29 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 07:48 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-13 18:46 - 2017-09-29 13:55 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-12-13 18:43 - 2017-10-07 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-12-13 18:43 - 2017-09-29 13:58 - 000000000 ____D C:\WINDOWS\Setup
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\IME
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\schemas
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-13 18:43 - 2017-09-29 13:55 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-13 18:43 - 2017-08-02 12:57 - 000000000 ____D C:\WINDOWS\ShellNew
2017-12-13 18:43 - 2017-08-02 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-12-13 18:43 - 2017-07-30 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2017-12-13 18:43 - 2017-07-22 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4game
2017-12-13 18:43 - 2017-07-21 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2017-12-13 18:43 - 2017-07-11 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Free Cam 8
2017-12-13 18:43 - 2017-07-05 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-13 18:43 - 2017-05-12 19:52 - 000000000 ____D C:\Program Files\UNP
2017-12-13 18:43 - 2017-05-12 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-13 18:43 - 2017-03-16 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-12-13 18:43 - 2017-03-16 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2017-12-13 18:43 - 2017-03-15 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-13 18:43 - 2017-01-28 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 2D
2017-12-13 18:43 - 2016-11-28 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-13 18:43 - 2016-11-28 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-12-13 18:43 - 2016-09-24 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-12-13 18:43 - 2016-09-24 18:45 - 000000000 ____D C:\Program Files\IIS
2017-12-13 18:43 - 2016-09-24 18:39 - 000000000 ____D C:\WINDOWS\system32\1033
2017-12-13 18:43 - 2016-07-25 01:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 18:43 - 2016-06-09 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-12-13 18:43 - 2016-04-02 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-13 18:43 - 2016-03-23 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-13 18:43 - 2016-03-12 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2017-12-13 18:43 - 2009-07-14 04:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-13 11:33 - 2016-07-24 22:19 - 000002366 _____ C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-13 11:33 - 2016-07-24 22:19 - 000000000 ___RD C:\Users\IRSA\OneDrive
2017-12-13 09:14 - 2016-07-24 22:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-13 09:14 - 2016-07-24 22:12 - 000000000 ____D C:\Users\IRSA\AppData\Local\TileDataLayer
2017-12-13 09:13 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-13 09:12 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-13 09:12 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\Registration
2017-12-13 09:10 - 2016-07-24 22:07 - 000021412 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-12-13 09:09 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\media
2017-12-13 09:01 - 2017-09-10 14:26 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout
2017-12-13 09:01 - 2017-07-05 23:49 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-13 09:01 - 2016-08-25 13:31 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Growtopia
2017-12-13 09:01 - 2016-03-18 16:34 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2017-12-13 09:01 - 2016-02-22 16:37 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-12-13 08:58 - 2017-09-29 13:55 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-13 08:58 - 2017-09-29 13:55 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-13 08:55 - 2017-08-12 19:35 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-13 08:55 - 2016-03-18 16:34 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2017-12-13 08:55 - 2016-03-18 16:34 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2017-12-13 08:48 - 2017-09-29 07:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-13 08:48 - 2016-09-24 16:13 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2017-12-13 05:43 - 2017-10-12 07:18 - 130448288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 05:43 - 2016-07-25 01:28 - 130448288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 05:42 - 2017-09-29 13:55 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-13 05:31 - 2017-09-22 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2017-12-13 05:31 - 2017-07-12 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2017-12-13 05:31 - 2017-04-29 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-12-13 05:31 - 2017-02-26 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-12-13 05:31 - 2016-09-24 16:13 - 000000000 ____D C:\Program Files\Realtek
2017-12-13 05:31 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\Microsoft Games
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-12-13 05:19 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-13 05:19 - 2017-09-29 13:55 - 000000000 ____D C:\PerfLogs
2017-12-13 05:19 - 2017-09-29 07:31 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-13 05:07 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-12-13 05:06 - 2017-09-29 13:51 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-12-13 05:06 - 2017-09-29 13:51 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-12-13 05:06 - 2017-09-29 13:51 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-12-13 05:06 - 2017-09-29 13:50 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-12-13 05:06 - 2017-09-29 13:50 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-12-13 05:06 - 2017-09-29 13:50 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-12-13 05:06 - 2017-09-29 13:50 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-12-13 05:06 - 2017-09-29 13:49 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-12-13 05:06 - 2017-09-29 13:49 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-12-13 05:06 - 2017-09-29 13:49 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-12-13 05:06 - 2017-09-29 13:49 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-12-13 05:06 - 2017-09-29 13:49 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-12-13 05:04 - 2017-09-29 14:38 - 000000000 ____D C:\WINDOWS\OCR
2017-12-12 23:21 - 2017-08-12 19:35 - 000000000 ____D C:\Users\IRSA\AppData\Roaming\discord
2017-12-12 23:20 - 2017-08-12 19:35 - 000000000 ____D C:\Users\IRSA\AppData\Local\Discord
2017-12-08 07:32 - 2017-09-29 18:03 - 000000000 ____D C:\Program Files\rempl

==================== Files in the root of some directories =======

2017-07-11 00:18 - 2017-07-11 00:18 - 000000128 ____H () C:\Users\IRSA\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2018-01-04 14:32 - 2017-09-29 13:49 - 000001060 _____ () C:\Users\IRSA\AppData\Roaming\oHyee
2017-09-29 13:49 - 2017-09-29 13:49 - 000001060 _____ () C:\Users\IRSA\AppData\Roaming\oHyee.bat
2017-11-17 21:20 - 2017-11-17 21:22 - 000102755 _____ () C:\Users\IRSA\AppData\Local\15DE.tmp
2017-11-17 22:01 - 2017-11-17 22:15 - 000087867 _____ () C:\Users\IRSA\AppData\Local\473.tmp
2017-11-25 21:24 - 2017-11-25 21:38 - 000097078 _____ () C:\Users\IRSA\AppData\Local\55CD.tmp
2017-02-19 22:04 - 2017-02-19 22:04 - 000053235 _____ () C:\Users\IRSA\AppData\Local\5B38.tmp
2017-01-11 16:41 - 2017-01-11 16:44 - 000115621 _____ () C:\Users\IRSA\AppData\Local\7265.tmp
2017-11-17 21:26 - 2017-11-17 22:00 - 000093472 _____ () C:\Users\IRSA\AppData\Local\7D0F.tmp
2018-01-04 14:32 - 2017-09-29 13:49 - 000174592 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\bycDTZwmu.exe
2017-01-09 15:51 - 2017-01-09 15:52 - 000021107 _____ () C:\Users\IRSA\AppData\Local\CC5.tmp
2016-04-23 12:52 - 2016-04-23 12:52 - 000003584 _____ () C:\Users\IRSA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-17 21:24 - 2017-11-17 21:25 - 000021107 _____ () C:\Users\IRSA\AppData\Local\DCF.tmp
2018-01-04 14:32 - 2017-09-29 13:49 - 000001133 _____ () C:\Users\IRSA\AppData\Local\IEeyIEesN
2017-09-29 13:49 - 2017-09-29 13:49 - 000001133 _____ () C:\Users\IRSA\AppData\Local\IEeyIEesN.bat
2018-01-04 14:32 - 2017-09-29 13:50 - 000059904 _____ (Microsoft Corporation) C:\Users\IRSA\AppData\Local\KwiEnIIuweUAh.exe
2016-12-01 18:56 - 2017-03-30 14:56 - 000000552 _____ () C:\Users\IRSA\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by IRSA (07-01-2018 13:50:51)
Running from C:\Users\IRSA\Desktop
Microsoft Windows 10 Home Version 1709 16299.125 (X86) (2017-12-13 07:13:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-514558421-1968590340-419934471-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-514558421-1968590340-419934471-503 - Limited - Disabled)
Guest (S-1-5-21-514558421-1968590340-419934471-501 - Limited - Disabled)
IRSA (S-1-5-21-514558421-1968590340-419934471-1000 - Administrator - Enabled) => C:\Users\IRSA
WDAGUtilityAccount (S-1-5-21-514558421-1968590340-419934471-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
4game (HKLM\...\4game) (Version: 3.6.2.257 - Innova Systems)
Active Directory Authentication Library for SQL Server (x86) (HKLM\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Auto Clicker v7.1 (HKLM\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 7.1 - MurGee.com)
auto-clicker 2.3.0 (HKLM\...\autoclicker_is1) (Version:  - )
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Auto-Keyboard 9.0 (HKLM\...\{CAE28200-F83E-4B83-8BEB-D8D6CA04883C}_is1) (Version:  - Auto-Keyboard)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Counter-Strike 2D 1.0.0.2 (HKLM\...\{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1) (Version:  - Unreal Software)
Counter-Strike Source version 3398447 (HKLM\...\{28659B67-FC49-49DB-9DAC-1AD52203D75A}_is1) (Version: 3398447 - Strogino CS Portal)
Crossout Launcher 1.0.3.18 (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\CrossOutLauncher_is1) (Version:  - )
Discord (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
Epic Games Launcher (HKLM\...\{818FF838-5FCD-4FCB-AE39-4F725EBCE2A1}) (Version: 1.1.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x86) (HKLM\...\{B633DAAD-9294-4C7D-A625-D5B741A8C2B6}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Growtopia) (Version:  - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.1.0.20 - IObit)
iSpring Free Cam 8 (HKLM\...\{9E6D2789-25C1-4884-ACAA-32F187F96410}) (Version: 8.3.15297 - iSpring Solutions Inc.)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 92 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Java(TM) SE Development Kit 6 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)
Launcher Prerequisites (x86) (HKLM\...\{ec50c375-be9a-4642-9b8c-86dcc42e39c3}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 SDK (HKLM\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{5FC4C5FD-75D0-43D5-B9A5-6FE208D12F7D}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30642.0 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.14.2 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{4B604E42-B6D7-4957-B5A5-CC7450D8E1EB}) (Version: 3.1238.1962 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount&Blade (HKLM\...\Mount&Blade) (Version:  - )
Mozilla Firefox 57.0 (x86 fi) (HKLM\...\Mozilla Firefox 57.0 (x86 fi)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera Stable 49.0.2725.64 (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
osu! (HKLM\...\{491298e5-b7b9-4ff0-be89-7e90ee7ca97c}) (Version: latest - ppy Pty Ltd)
PointBlank (HKLM\...\4game_pointblank) (Version:  - Innova Systems)
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Race Driver 2 (HKLM\...\{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}) (Version: 1.01.0000 - Codemasters) Hidden
Race Driver 2 (HKLM\...\InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}) (Version: 1.01.0000 - Codemasters)
Razer Imperator (HKLM\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Remote Mouse version 3.002 (HKLM\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Resource Hacker Version 4.5.30 (HKLM\...\ResourceHacker_is1) (Version:  - )
Roblox Player for IRSA (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Mouse Auto Clicker 4.0.2 (HKLM\...\{39062735-0291-4C52-919E-5A80BA98E8C2}_is1) (Version:  - Advanced Mouse Auto Clicker, Ltd.)
TeamSpeak 3 Client (HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410C}) (Version: 21.0.12288 - WinZip Computing, S.L. )
X-Mouse Button Control 2.14 (HKLM\...\X-Mouse Button Control) (Version: 2.14 - Highresolution Enterprises)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-514558421-1968590340-419934471-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-01-04] ()
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2017-02-13] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2017-02-13] (WinZip Computing, S.L.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-01-04] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2017-02-13] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000321ED-BB20-4F48-BA52-93662F103CDD} - System32\Tasks\EKaxEAAejHaGH => C:\Users\IRSA\AppData\Local\KwiEnIIuweUAh.exe [2017-09-29] (Microsoft Corporation)
Task: {0ED32C5A-7B40-40F0-84CA-A434A6B7701F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {10B3CB18-CF5B-4C3A-ADA2-5409BB59B9E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {169F5015-1EE1-44D9-8BD7-49C0CD359231} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-04] (Google Inc.)
Task: {1BE04A92-E1E0-46B4-AB0D-2F4A6D3EC303} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-01-04] (Google Inc.)
Task: {1F724D2A-74F2-44A4-8DA5-F1D6E1135D15} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-13] (WinZip)
Task: {39420BA3-06CC-43FF-BF0E-DAFAB1CF8F1F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {399270DB-3046-4F48-80BC-E68420D44176} - System32\Tasks\Opera scheduled Autoupdate 1489668925 => C:\Users\IRSA\AppData\Local\Programs\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {40B80701-12D5-41E5-982F-54D9A9D2C14B} - System32\Tasks\Uninstaller_SkipUac_IRSA => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-01] (IObit)
Task: {47C8E398-AFA5-43EC-898D-6E241FB69B86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {56AB33E3-506F-4C8E-9DE6-D963DE95B91A} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {5A97A65C-9639-4776-8C69-BD0D88811524} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {60B18CF4-E4B7-4AEC-BB2B-33B88F67D757} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65CAE6F9-A6E9-4D94-B6AA-37DA4437EE7C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {66CC960A-E677-47A4-A7D3-5FB2BA24FDD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {741D2ADE-611B-44D1-A655-748CD8D64411} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8066235A-AE58-42F2-AA47-F68763B646E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8594DFD6-D4C0-42B7-BC7F-79575856DC92} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Counter-Strike 2D\Common7\IDE\VSIXAutoUpdate.exe
Task: {948D634A-64F0-4797-A491-27B3A05197AA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9EC09769-F7A0-47B8-870C-A8EC4F87CCBB} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2017-02-13] (WinZip Computing, S.L.)
Task: {A9F1F90B-DFD3-496A-8E1D-75C5CCC00DC3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AB469C48-5BFF-4A93-8B87-56191D9EA4C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ACAB7C8C-6F37-4333-8EC3-7DD359362517} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B194C29F-6888-4EAB-BDDB-EA5632C6A018} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {B3BECC35-5223-4579-99CD-763B8C0A7D8A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B9F4C524-6691-44CF-AC6D-105A84E7A4D5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C1477CF3-E9F6-40B8-B262-BF1C541712E0} - System32\Tasks\IaadxSIIBFEu => C:\WINDOWS\system32\zfcuFyAYWve.bat [2017-09-29] () <==== ATTENTION
Task: {CD83BA0D-EC71-4B98-9D25-C333BBBC26C7} - System32\Tasks\{9C53A8DB-2F59-45E0-A590-058D93183963} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe" -c  /uninstall
Task: {D413DE40-0325-403E-8AF6-C47C5C04D50C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-06] (AVAST Software)
Task: {D7C37F78-5896-413F-A446-AA407F60DD20} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DDFCF23C-6D77-4EEA-AD22-4CD4155ECFAB} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {DE84125C-23E4-44E3-8309-553BA10D7C80} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E48BCEBB-4157-428E-A2CA-A503C3F1FB65} - System32\Tasks\HaXyEsY => C:\WINDOWS\ybuhOEuyPZa.bat [2017-09-29] () <==== ATTENTION
Task: {FC094BF4-8095-4C76-BC4C-4A09767AF463} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job => C:\WINDOWS\vVX1000.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_IRSA.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\IRSA\Desktop\MapCycLe\AGIO\Одноклассники.lnk -> C:\Users\IRSA\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\IRSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike\AMX Mod X\Documentation.lnk -> hxxp://wiki.tcwonline.org/index.php/Category:Documentation_%28AMX_Mod_X%2

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 13:49 - 2017-09-29 13:49 - 000149840 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-10-20 10:17 - 2015-10-20 10:17 - 000242176 _____ () C:\Program Files\4game\3.6.2.257\PocoUtil.dll
2015-10-20 10:18 - 2015-10-20 10:18 - 000714240 _____ () C:\Program Files\4game\3.6.2.257\PocoNet.dll
2015-10-20 10:16 - 2015-10-20 10:16 - 000394240 _____ () C:\Program Files\4game\3.6.2.257\PocoXML.dll
2016-08-11 17:41 - 2016-06-25 07:52 - 000018432 _____ () C:\Program Files\Remote Mouse\RemoteMouseService.exe
2016-03-12 18:39 - 2015-05-26 18:54 - 000152576 _____ () C:\Program Files\Remote Mouse\FileS.dll
2018-01-07 13:02 - 2017-11-29 09:11 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-07 13:02 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2016-03-28 20:07 - 2016-03-28 20:07 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-01-04 18:09 - 2018-01-04 18:09 - 000131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 007817728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 05:17 - 2017-12-13 05:17 - 001518592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-11 07:50 - 2017-07-11 07:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 07:05 - 2017-12-22 07:05 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files\Skype\Phone\skypert.dll
2017-12-12 23:20 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 23:21 - 2017-12-12 23:21 - 001886712 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001773560 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-12 23:20 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 23:20 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\IRSA\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-12 23:21 - 2017-12-12 23:21 - 009802232 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001505784 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 23:21 - 2017-12-12 23:21 - 000513016 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 23:21 - 2017-12-12 23:21 - 002662904 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 23:21 - 2017-12-12 23:21 - 001517048 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 23:22 - 2017-12-12 23:22 - 002749944 _____ () \\?\C:\Users\IRSA\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2018-01-03 10:10 - 2018-01-03 10:10 - 000075264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 10:10 - 2018-01-03 10:10 - 000166400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 10:10 - 2018-01-03 10:10 - 017748992 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 10:10 - 2018-01-03 10:10 - 001784832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x86__kzf8qxf38zg5c\skypert.dll
2018-01-04 15:11 - 2017-12-14 04:21 - 003062104 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2018-01-04 15:11 - 2017-12-14 04:21 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\63.0.3239.108\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\sharepoint.com -> hxxps://eduvantaa-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2018-01-04 18:10 - 000002361 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-514558421-1968590340-419934471-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\IRSA\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{c593bda2-99e9-474c-bd85-f6ae8d21ddbc}.JPG
DNS Servers: 62.241.198.246 - 62.241.198.245
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "VX1000"
HKLM\...\StartupApproved\Run: => "LifeCam"
HKLM\...\StartupApproved\Run: => "MRT"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "Razer Imperator Driver"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-514558421-1968590340-419934471-1000\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-01-2018 14:03:17 Scheduled Checkpoint
05-01-2018 21:51:51 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2018 10:28:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 1299ef7b-50b3-431e-9f1f-db86e93424a0
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: bd3316bd-ff0c-408d-90e0-d5fa48138b49
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 9ae29782-3d0d-473e-85cf-523834325b7c
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 826dfb49-fd29-41e3-8b50-59ea59b11557
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 5c346a5d-1087-4835-be6a-d03b5a68abd7
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 26039bfa-de18-45a8-8571-f57ee9c8a3e1
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: d491d7fd-ef24-4e1c-bc47-bc0d4cc200a9
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/07/2018 10:28:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1569627995.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x12834372
Faulting process id: 0x2d38
Faulting application start time: 0x01d3879178f6dd1e
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-86CF4.tmp\1569627995.exe
Faulting module path: unknown
Report Id: 654b240c-aca1-464c-b14e-0d351509c02e
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2018 07:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 319811614.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0xa7c
Faulting application start time: 0x01d38713c04ac5e1
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-2DBKN.tmp\319811614.exe
Faulting module path: unknown
Report Id: 6416c213-0246-4b6f-a396-3557d461728e
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2018 07:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 319811614.exe, version: 0.0.0.0, time stamp: 0x2a425e06
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process id: 0xa7c
Faulting application start time: 0x01d38713c04ac5e1
Faulting application path: C:\Users\IRSA\AppData\Local\Temp\is-2DBKN.tmp\319811614.exe
Faulting module path: unknown
Report Id: 4af50f5c-27cb-4b02-afde-5ea731ed353a
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (01/07/2018 01:46:55 PM) (Source: DCOM) (EventID: 10016) (User: IRSA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user IRSA-PC\IRSA SID (S-1-5-21-514558421-1968590340-419934471-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/07/2018 01:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (01/07/2018 01:40:53 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: prodrv06.sys

Error: (01/07/2018 12:51:13 PM) (Source: DCOM) (EventID: 10010) (User: IRSA-PC)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/07/2018 12:36:14 PM) (Source: DCOM) (EventID: 10016) (User: IRSA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user IRSA-PC\IRSA SID (S-1-5-21-514558421-1968590340-419934471-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/07/2018 12:32:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading

Error: (01/07/2018 12:32:04 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: prodrv06.sys

Error: (01/07/2018 12:31:19 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: prodrv06.sys

Error: (01/07/2018 12:32:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:12:09 PM on ‎1/‎7/‎2018 was unexpected.

Error: (01/07/2018 11:50:03 AM) (Source: DCOM) (EventID: 10016) (User: IRSA-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user IRSA-PC\IRSA SID (S-1-5-21-514558421-1968590340-419934471-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2018-01-07 13:02:32.017
  Description: N/A

  Date: 2018-01-04 18:33:48.566
  Description: N/A


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 245 Processor
Percentage of memory in use: 61%
Total physical RAM: 3327.28 MB
Available physical RAM: 1280.05 MB
Total Virtual: 6655.28 MB
Available Virtual: 3914.67 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:685.49 GB) (Free:536.33 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.61 GB) (Free:1.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (M&B GM) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A6F7C060)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=685.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)

 

 

And I forgot to put the Malwarebytes scan, but it had 15 objects: 5 unwanted apps/programs, 1 trojan and 9 adware. Dang fml trojan and adware? :(


Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection, scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended)
     
  • Click on Scan, make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin....

fixlist.txt


  • 2 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
