Solved Cmd pops up and there's a folder sysWOW64.

Rifqi26

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by GL553VD (administrator) on DESKTOP-HHD7U7V (27-08-2017 10:46:06)
Running from C:\Users\GL553VD\Downloads
Loaded Profiles: GL553VD (Available Profiles: defaultuser0 & GL553VD)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
() C:\Windows\opcddemg.exe
() C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
((C) LINE Corporation) C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\LINE_APP.exe
() C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\VoipHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
() C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [AWiC] => C:\Program Files (x86)\Qualcomm Atheros\AWiCMgr.exe [179840 2014-05-14] (Atheros)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4146744 2016-11-18] (Connectify)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gplyra] => C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1879152 2017-08-01] (Smadsoft)
HKLM\...\RunOnce: [DESKTOP-HHD7U7V] => C:\WINDOWS\TEMP\gE637.tmp.exe [245760 2017-08-24] () <==== ATTENTION
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id__2Hl'iLnhç.exe] => C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe [173056 2017-08-24] ()
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [uTorrent] => C:\Users\GL553VD\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Google Update] => C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-19] (Google Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Chromium] => c:\users\gl553vd\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Steam] => D:\Games\Program Games\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [QwzVnJGAa9.exe] => C:\Program Files\Microsoft Office\M0R9OHCQHMU6RD\QwzVnJGAa9.exe [361984 2017-08-24] ()
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-890557738-1276667348-2891567123-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-890557738-1276667348-2891567123-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-890557738-1276667348-2891567123-1001] => hxxp://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964
Winsock: Catalog5-x64 01 C:\ProgramData\Windows\System32\Mswapi64.dll [3302400 2017-07-19] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}: [DhcpNameServer] 192.168.100.1
ManualProxies: 0hxxp://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774019071&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774028961&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: lu7sbzli.default
FF ProfilePath: C:\Users\GL553VD\AppData\Roaming\Mozilla\Firefox\Profiles\lu7sbzli.default [2017-08-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\47480734.js [2017-05-07] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-08-24]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\47480734.cfg [2017-05-07] <==== ATTENTION
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-17] (ASUSTek Computer Inc.)
S2 ASUS Rog Aura Core; C:\Program Files (x86)\ASUS\ROG Aura Core\AuraCoreSrv.exe [552600 2016-10-15] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-08-26] (Windows (R) Win 7 DDK provider)
S3 AWiCSrvc; C:\Program Files (x86)\Qualcomm Atheros\AWiCSrvc.exe [50816 2014-05-14] (Atheros Communications) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-08-15] ()
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-11-18] (Connectify)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 opcddemg; C:\WINDOWS\opcddemg.exe [57344 2004-11-09] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-05-09] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [42680 2016-10-22] (ASUSTeK COMPUTER INC.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-08] (SolidWorks) [File not signed]
S2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-01-31] (Code Sector)
U2 TMhardwareHelp; C:\Windows\SysWow64\TMhardwareHelp.dll [461096 2017-08-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
R2 WMPNetworkAcSvc; C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3972074 2017-08-16] () [File not signed] <==== ATTENTION
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-08-26] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
S2 1d31221886f85c0fbbb38d4251403c4d; "C:\Program Files\1d31221886f85c0fbbb38d4251403c4d\1cf0d4ba009c0a7c9a502498cc1ddff5.exe" [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 8e44f3b89f0a25c00337268e396acc08; C:\WINDOWS\system32\drivers\8e44f3b89f0a25c00337268e396acc08.sys [78744 2017-08-23] (L00M47) <==== ATTENTION
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [99320 2016-10-12] (ASUS Corporation)
R1 cfywlan2; C:\WINDOWS\system32\DRIVERS\cfywlan2.sys [46088 2017-05-07] (Connectify)
R1 cnnctfy4; C:\WINDOWS\system32\DRIVERS\cnnctfy4.sys [53216 2017-05-07] (Connectify)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-28] (Disc Soft Ltd)
S3 GENERICDRV; C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\3\amifldrv64.sys [17896 2017-01-05] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [249104 2016-10-07] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation)
R1 LanmaMaster; C:\WINDOWS\system32\drivers\lanmamaster.sys [1494120 2017-07-11] () [File not signed] <==== ATTENTION
R1 MpKsl40e5fb4b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3862ED8D-DED3-4F3E-83B2-0DE482F46588}\MpKsl40e5fb4b.sys [44928 2017-08-24] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_15c6c286fd4435fd\nvlddmkm.sys [15668664 2017-07-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-10-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11376 2017-07-29] () [File not signed]
R2 TMhardware; C:\WINDOWS\system32\drivers\TMhardware.sys [215072 2017-07-11] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FRST.txt (continue)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-27 10:46 - 2017-08-27 10:46 - 000026172 _____ C:\Users\GL553VD\Downloads\FRST.txt
2017-08-27 10:45 - 2017-08-27 10:46 - 000000000 ____D C:\FRST
2017-08-27 10:45 - 2017-08-27 10:45 - 002395648 _____ (Farbar) C:\Users\GL553VD\Downloads\FRST64.exe
2017-08-25 11:21 - 2017-08-25 11:21 - 000000000 ____D C:\WINDOWS\system32\tmp
2017-08-24 06:08 - 2017-08-24 06:08 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\FLUIDSIM3
2017-08-24 05:29 - 2017-08-25 11:06 - 000000000 ____D C:\ProgramData\DataCache
2017-08-24 05:22 - 2017-08-24 05:22 - 000000000 ____D C:\ProgramData\Microleaves
2017-08-24 05:19 - 2017-08-24 06:03 - 000000000 ____D C:\Program Files (x86)\WindowsTM
2017-08-24 05:19 - 2017-08-24 05:26 - 000000000 ____D C:\ProgramData\Cache
2017-08-24 05:19 - 2017-08-24 05:24 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc
2017-08-24 05:19 - 2017-08-24 05:19 - 000461096 _____ C:\WINDOWS\SysWOW64\TMhardwareHelp.dll
2017-08-24 05:19 - 2017-08-24 05:19 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-08-24 05:19 - 2017-08-24 05:19 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-08-24 05:19 - 2017-08-24 05:19 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Microleaves
2017-08-24 05:19 - 2017-08-24 05:19 - 000000000 ____D C:\Users\GL553VD\AppData\Local\AdvinstAnalytics
2017-08-24 05:19 - 2017-08-24 05:19 - 000000000 ____D C:\ProgramData\Windows
2017-08-24 05:19 - 2017-08-24 05:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogotempo
2017-08-24 05:19 - 2017-08-24 05:19 - 000000000 ____D C:\ProgramData\a53aa1a0-3a87-0
2017-08-24 05:19 - 2017-08-24 05:19 - 000000000 ____D C:\ProgramData\a53aa1a0-0da3-1
2017-08-24 05:18 - 2017-08-24 05:29 - 000003300 _____ C:\WINDOWS\System32\Tasks\1d31221886f85c0fbbb38d4251403c4d
2017-08-24 05:18 - 2017-08-24 05:28 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-08-24 05:18 - 2017-08-24 05:19 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\gplyra
2017-08-24 05:18 - 2017-08-24 05:18 - 000016814 _____ C:\WINDOWS\System32\Tasks\AuditWiz 2005
2017-08-24 05:14 - 2017-08-24 05:14 - 000000000 ____D C:\Users\GL553VD\Documents\FluidSIM Pneumatics
2017-08-24 05:14 - 2017-08-24 05:14 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\FL_SIM_P4_GB
2017-08-24 05:11 - 2017-08-24 05:11 - 000000000 ____D C:\Program Files (x86)\Didactic
2017-08-24 05:10 - 2017-08-24 05:10 - 000000000 ____D C:\Program Files\WIBU-SYSTEMS
2017-08-24 05:10 - 2017-08-24 05:10 - 000000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2017-08-24 05:10 - 2009-12-03 11:00 - 000103224 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\Drivers\WibuKey64.sys
2017-08-23 21:15 - 2017-08-23 21:54 - 487858176 _____ C:\Users\GL553VD\Downloads\fluidsim_pneu_45d_001.iso
2017-08-23 18:32 - 2017-08-23 18:32 - 001677824 _____ C:\WINDOWS\0d5921fab3be2e283707cdde8cda83b6.exe
2017-08-23 18:32 - 2017-08-23 18:32 - 000078744 _____ (L00M47) C:\WINDOWS\system32\Drivers\8e44f3b89f0a25c00337268e396acc08.sys
2017-08-23 18:32 - 2017-08-23 18:32 - 000039806 _____ C:\WINDOWS\uninstaller.dat
2017-08-18 11:10 - 2017-08-18 11:10 - 004204032 _____ (crosire) C:\Users\GL553VD\Downloads\ReShade_Setup_3.0.8.exe
2017-08-15 14:51 - 2017-08-15 14:51 - 000000000 ____D C:\Users\GL553VD\AppData\Local\UnrealEngine
2017-08-15 14:51 - 2017-08-15 14:51 - 000000000 ____D C:\Users\GL553VD\AppData\Local\TslGame
2017-08-13 16:03 - 2017-08-13 16:03 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-13 16:03 - 2017-07-19 05:38 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-13 16:03 - 2017-03-11 04:17 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-13 16:03 - 2017-03-11 04:17 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-13 16:03 - 2017-03-11 04:17 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-13 16:03 - 2017-03-11 04:17 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-13 16:00 - 2017-07-19 07:40 - 040239736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 035844728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 028960376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 013655672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 012451424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 012133112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 011591576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 010487760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 004163520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 003595896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001276992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000995408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000689992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-13 16:00 - 2017-07-19 07:40 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-13 09:11 - 2017-07-31 22:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-13 09:11 - 2017-07-31 22:15 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 00:55 - 2017-08-01 09:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 00:55 - 2017-08-01 09:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 00:55 - 2017-08-01 09:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 00:55 - 2017-08-01 09:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 00:55 - 2017-08-01 09:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 00:55 - 2017-08-01 09:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 00:55 - 2017-08-01 09:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 00:55 - 2017-08-01 09:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 00:55 - 2017-08-01 09:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 00:55 - 2017-08-01 09:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 00:55 - 2017-08-01 09:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 00:55 - 2017-08-01 08:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 00:55 - 2017-07-28 12:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 00:55 - 2017-07-28 11:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 00:55 - 2017-07-28 11:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 00:55 - 2017-07-28 11:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 00:55 - 2017-07-28 11:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 00:55 - 2017-07-28 11:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 00:55 - 2017-07-28 11:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 00:55 - 2017-07-28 11:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 00:55 - 2017-07-28 11:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 00:55 - 2017-07-28 11:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 00:55 - 2017-07-28 11:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 00:55 - 2017-07-28 11:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 00:55 - 2017-07-28 11:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 00:55 - 2017-07-28 11:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 00:55 - 2017-07-28 11:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 00:55 - 2017-07-28 11:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 00:55 - 2017-07-28 11:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 00:55 - 2017-07-28 11:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 00:55 - 2017-07-28 11:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 00:55 - 2017-07-28 11:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 00:55 - 2017-07-28 11:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 00:54 - 2017-08-01 09:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 00:54 - 2017-08-01 09:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 00:54 - 2017-08-01 09:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 00:54 - 2017-08-01 09:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 00:54 - 2017-08-01 09:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 00:54 - 2017-08-01 09:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 00:54 - 2017-08-01 09:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 00:54 - 2017-08-01 09:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 00:54 - 2017-08-01 09:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 00:54 - 2017-08-01 09:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 00:54 - 2017-08-01 09:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 00:54 - 2017-08-01 09:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 00:54 - 2017-08-01 09:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 00:54 - 2017-08-01 09:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 00:54 - 2017-08-01 09:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 00:54 - 2017-08-01 09:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 00:54 - 2017-08-01 09:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 00:54 - 2017-08-01 09:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 00:54 - 2017-08-01 09:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 00:54 - 2017-08-01 09:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 00:54 - 2017-08-01 09:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 00:54 - 2017-08-01 09:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 00:54 - 2017-08-01 09:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 00:54 - 2017-08-01 09:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 00:54 - 2017-08-01 09:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 00:54 - 2017-08-01 09:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 00:54 - 2017-08-01 09:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 00:54 - 2017-08-01 09:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 00:54 - 2017-08-01 09:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 00:54 - 2017-08-01 09:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 00:54 - 2017-08-01 09:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 00:54 - 2017-08-01 09:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 00:54 - 2017-08-01 09:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 00:54 - 2017-08-01 09:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 00:54 - 2017-08-01 09:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 00:54 - 2017-08-01 09:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 00:54 - 2017-08-01 08:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 00:54 - 2017-08-01 08:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 00:54 - 2017-08-01 08:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 00:54 - 2017-08-01 08:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 00:54 - 2017-08-01 08:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 00:54 - 2017-08-01 08:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 00:54 - 2017-08-01 08:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 00:54 - 2017-08-01 08:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 00:54 - 2017-08-01 08:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 00:54 - 2017-08-01 08:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 00:54 - 2017-08-01 08:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 00:54 - 2017-08-01 08:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 00:54 - 2017-08-01 08:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 00:54 - 2017-08-01 08:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 00:54 - 2017-08-01 08:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 00:54 - 2017-08-01 08:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 00:54 - 2017-08-01 08:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 00:54 - 2017-08-01 08:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 00:54 - 2017-08-01 08:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 00:54 - 2017-07-28 12:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 00:54 - 2017-07-28 12:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 00:54 - 2017-07-28 12:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 00:54 - 2017-07-28 12:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 00:54 - 2017-07-28 12:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 00:54 - 2017-07-28 12:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 00:54 - 2017-07-28 12:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 00:54 - 2017-07-28 12:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 00:54 - 2017-07-28 12:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 00:54 - 2017-07-28 12:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 00:54 - 2017-07-28 12:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 00:54 - 2017-07-28 12:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 00:54 - 2017-07-28 12:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 00:54 - 2017-07-28 12:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 00:54 - 2017-07-28 12:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 00:54 - 2017-07-28 12:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 00:54 - 2017-07-28 12:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 00:54 - 2017-07-28 12:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 00:54 - 2017-07-28 12:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 00:54 - 2017-07-28 12:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 00:54 - 2017-07-28 11:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 00:54 - 2017-07-28 11:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 00:54 - 2017-07-28 11:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 00:54 - 2017-07-28 11:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 00:54 - 2017-07-28 11:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 00:54 - 2017-07-28 11:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 00:54 - 2017-07-28 11:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 00:54 - 2017-07-28 11:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 00:54 - 2017-07-28 11:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 00:54 - 2017-07-28 11:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 00:54 - 2017-07-28 11:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 00:54 - 2017-07-28 11:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 00:54 - 2017-07-28 11:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 00:54 - 2017-07-28 11:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 00:54 - 2017-07-28 11:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 00:54 - 2017-07-28 11:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 00:54 - 2017-07-28 11:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 00:54 - 2017-07-28 11:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 00:54 - 2017-07-28 11:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 00:54 - 2017-07-28 11:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 00:54 - 2017-07-28 11:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 00:54 - 2017-07-28 11:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 00:54 - 2017-07-28 11:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 00:54 - 2017-07-28 11:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 00:54 - 2017-07-28 11:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 00:54 - 2017-07-28 11:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 00:54 - 2017-07-28 11:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 00:54 - 2017-07-28 11:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-09 00:54 - 2017-07-28 11:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 00:54 - 2017-07-28 11:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 00:54 - 2017-07-28 11:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 00:54 - 2017-07-28 11:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 00:54 - 2017-07-28 11:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 00:54 - 2017-07-28 11:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 00:54 - 2017-07-28 11:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 00:54 - 2017-07-28 11:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 00:54 - 2017-07-28 11:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 00:54 - 2017-07-28 11:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 00:54 - 2017-07-28 11:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 00:54 - 2017-07-28 11:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 00:54 - 2017-07-28 11:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 00:54 - 2017-07-28 11:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 00:54 - 2017-07-28 11:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 00:54 - 2017-07-28 11:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 00:54 - 2017-07-28 11:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 00:54 - 2017-07-28 11:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 00:54 - 2017-07-28 11:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 00:54 - 2017-07-28 11:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 00:54 - 2017-07-28 11:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 00:54 - 2017-07-28 11:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 00:54 - 2017-07-28 11:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 00:54 - 2017-07-28 11:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 00:54 - 2017-07-28 11:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 00:54 - 2017-07-28 11:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 00:54 - 2017-07-28 11:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 00:54 - 2017-07-28 11:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 00:54 - 2017-07-28 11:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 00:54 - 2017-07-28 11:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 00:54 - 2017-07-28 11:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 00:54 - 2017-07-28 11:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 00:54 - 2017-07-28 11:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 00:54 - 2017-07-28 11:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 00:54 - 2017-07-28 11:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 00:54 - 2017-07-28 11:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 00:53 - 2017-08-01 09:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 00:53 - 2017-08-01 09:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 00:53 - 2017-08-01 09:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 00:53 - 2017-08-01 09:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 00:53 - 2017-08-01 08:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 00:53 - 2017-08-01 08:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 00:53 - 2017-08-01 08:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 00:53 - 2017-08-01 08:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 00:53 - 2017-08-01 08:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 00:53 - 2017-08-01 08:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 00:53 - 2017-08-01 08:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 00:53 - 2017-08-01 08:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-09 00:53 - 2017-08-01 08:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 00:53 - 2017-08-01 08:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 00:53 - 2017-08-01 08:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 00:53 - 2017-08-01 08:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 00:53 - 2017-08-01 08:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 00:53 - 2017-08-01 08:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 00:53 - 2017-08-01 08:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 00:53 - 2017-08-01 08:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 00:53 - 2017-08-01 08:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 00:53 - 2017-08-01 08:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 00:53 - 2017-08-01 08:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 00:53 - 2017-08-01 08:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 00:53 - 2017-08-01 08:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 00:53 - 2017-08-01 08:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 00:53 - 2017-08-01 08:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 00:53 - 2017-08-01 08:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 00:53 - 2017-08-01 08:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 00:53 - 2017-07-28 12:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 00:53 - 2017-07-28 12:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 00:53 - 2017-07-28 12:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 00:53 - 2017-07-28 12:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 00:53 - 2017-07-28 12:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 00:53 - 2017-07-28 12:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 00:53 - 2017-07-28 12:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 00:53 - 2017-07-28 12:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 00:53 - 2017-07-28 12:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 00:53 - 2017-07-28 12:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 00:53 - 2017-07-28 12:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 00:53 - 2017-07-28 11:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 00:53 - 2017-07-28 11:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 00:53 - 2017-07-28 11:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 00:53 - 2017-07-28 11:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 00:53 - 2017-07-28 11:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 00:53 - 2017-07-28 11:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 00:53 - 2017-07-28 11:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-09 00:53 - 2017-07-28 11:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-09 00:53 - 2017-07-28 11:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 00:53 - 2017-07-28 11:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 00:53 - 2017-07-28 11:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 00:53 - 2017-07-28 11:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 00:53 - 2017-07-28 11:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 00:53 - 2017-07-28 11:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 00:53 - 2017-07-28 11:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 00:53 - 2017-07-28 11:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 00:53 - 2017-07-28 11:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 00:53 - 2017-07-28 11:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 00:53 - 2017-07-28 11:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 00:53 - 2017-07-28 11:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 00:53 - 2017-07-28 11:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 00:53 - 2017-07-28 11:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 00:53 - 2017-07-28 11:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 00:53 - 2017-07-28 11:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 00:53 - 2017-07-28 11:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 00:53 - 2017-07-28 11:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 00:53 - 2017-07-28 11:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 00:53 - 2017-07-28 11:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 00:53 - 2017-07-28 11:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 00:53 - 2017-07-28 11:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 00:53 - 2017-07-28 11:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 00:53 - 2017-07-28 11:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 00:53 - 2017-07-28 11:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 00:53 - 2017-07-28 11:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 00:53 - 2017-07-28 11:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 00:53 - 2017-07-28 11:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 00:53 - 2017-07-28 11:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 00:31 - 2017-08-09 00:31 - 000000000 ____D C:\Users\GL553VD\Downloads\FIFA.17-STEAMPUNKS
 
2017-07-30 21:55 - 2017-07-30 21:55 - 000000000 ____D C:\ProgramData\Rockstar Games
2017-07-30 21:53 - 2017-07-30 23:35 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-07-30 18:59 - 2017-07-30 21:07 - 000000000 ____D C:\Users\GL553VD\Downloads\Dog Pound (2010) [1080p] [YTS.AG]
2017-07-30 17:09 - 2017-07-30 17:09 - 000000000 ____D C:\Users\GL553VD\AppData\LocalLow\Jujubee S_A_
2017-07-29 20:48 - 2017-08-24 05:18 - 000000000 ____D C:\Program Files\3D Analyzer
2017-07-29 19:13 - 2017-07-29 19:17 - 000011376 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-07-29 19:03 - 2017-07-29 19:03 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Microsoft Games
2017-07-29 17:14 - 2017-07-29 17:14 - 000000000 ____D C:\Users\GL553VD\AppData\Local\DBG
2017-07-29 17:06 - 2017-07-29 17:06 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Activision Value
2017-07-29 16:55 - 2017-07-29 20:46 - 000000000 ____D C:\Users\GL553VD\Downloads\New folder
2017-07-29 14:46 - 2017-07-29 14:46 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-29 14:46 - 2017-07-29 07:53 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-29 14:45 - 2017-07-29 14:45 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-07-29 14:45 - 2017-07-29 14:45 - 000000000 ____D C:\Program Files\MSBuild
2017-07-29 14:45 - 2017-07-29 14:45 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-29 14:45 - 2017-07-29 07:58 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-29 14:45 - 2017-02-10 18:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-29 14:45 - 2017-02-10 18:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-07-29 14:45 - 2017-02-10 18:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-29 14:45 - 2017-02-10 18:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-29 14:45 - 2017-02-10 18:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-07-29 14:45 - 2017-02-10 18:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-29 08:04 - 2017-07-29 08:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-07-29 08:03 - 2017-08-25 11:06 - 001062444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-29 08:03 - 2017-07-29 08:03 - 000000000 ____D C:\ProgramData\USOShared
2017-07-29 08:02 - 2017-07-29 08:02 - 000000020 ___SH C:\Users\GL553VD\ntuser.ini
2017-07-29 08:01 - 2017-07-29 08:01 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-07-29 08:01 - 2017-07-29 08:01 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-07-29 08:00 - 2017-08-27 10:11 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59C305A5-C62D-4BE3-8E77-0E253A7B408E}
2017-07-29 08:00 - 2017-08-25 11:03 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-08-25 11:03 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-07-29 08:00 - 2017-08-25 11:03 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-07-29 08:00 - 2017-08-20 14:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-29 08:00 - 2017-08-13 09:11 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-07-29 08:00 - 2017-08-04 19:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-29 08:00 - 2017-07-29 08:05 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-890557738-1276667348-2891567123-1001
2017-07-29 08:00 - 2017-07-29 08:00 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-29 08:00 - 2017-07-29 08:00 - 000003522 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-890557738-1276667348-2891567123-1001UA
2017-07-29 08:00 - 2017-07-29 08:00 - 000003254 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-890557738-1276667348-2891567123-1001Core
2017-07-29 08:00 - 2017-07-29 08:00 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-07-29 08:00 - 2017-07-29 08:00 - 000002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2017-07-29 08:00 - 2017-07-29 08:00 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-07-29 08:00 - 2017-07-29 08:00 - 000002636 _____ C:\WINDOWS\System32\Tasks\IntelBootstrapCCDashExe
2017-07-29 08:00 - 2017-07-29 08:00 - 000002566 _____ C:\WINDOWS\System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-29 08:00 - 2017-07-29 08:00 - 000002520 _____ C:\WINDOWS\System32\Tasks\ROG Gaming Center
2017-07-29 08:00 - 2017-07-29 08:00 - 000002420 _____ C:\WINDOWS\System32\Tasks\smadav
2017-07-29 08:00 - 2017-07-29 08:00 - 000002378 _____ C:\WINDOWS\System32\Tasks\{6A35350E-164D-43E1-9087-2F4DBED450DC}
2017-07-29 08:00 - 2017-07-29 08:00 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-07-29 08:00 - 2017-07-29 08:00 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-07-29 08:00 - 2017-07-29 08:00 - 000002298 _____ C:\WINDOWS\System32\Tasks\{20315727-BC5A-434B-A40D-60894920FE96}
2017-07-29 08:00 - 2017-07-29 08:00 - 000002282 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-07-29 08:00 - 2017-07-29 08:00 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2017-07-29 08:00 - 2017-07-29 08:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-07-29 08:00 - 2017-07-29 08:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-07-29 07:58 - 2017-07-29 07:58 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-29 07:55 - 2017-08-22 06:30 - 000000000 ____D C:\Users\GL553VD
2017-07-29 07:55 - 2017-07-29 07:59 - 000000000 ____D C:\Users\defaultuser0
2017-07-29 07:55 - 2017-07-29 07:58 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-29 07:54 - 2017-07-29 07:56 - 000000000 ____D C:\Program Files\Intel
2017-07-29 07:54 - 2017-07-29 07:56 - 000000000 ____D C:\Program Files (x86)\Intel
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____D C:\Program Files\Realtek
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-07-29 07:54 - 2017-07-19 06:24 - 006463608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-29 07:54 - 2017-07-19 06:24 - 002479040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-29 07:54 - 2017-07-19 06:24 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-29 07:54 - 2017-07-19 06:24 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-29 07:54 - 2017-07-19 06:24 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-29 07:54 - 2017-07-19 06:24 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-29 07:54 - 2017-07-19 06:24 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-29 07:54 - 2017-07-13 08:37 - 008095171 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-29 07:54 - 2017-03-19 03:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-29 07:54 - 2016-11-30 07:36 - 000113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-07-29 07:54 - 2016-11-30 07:36 - 000104456 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-07-29 07:53 - 2017-08-27 10:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-29 07:53 - 2017-08-25 11:04 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-29 07:53 - 2017-08-25 11:03 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-29 07:53 - 2017-08-20 14:08 - 001322392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-28 21:33 - 2017-07-28 21:33 - 000006223 _____ C:\Users\GL553VD\Downloads\Ultimate General Civil War.CT
2017-07-28 07:19 - 2017-07-29 08:02 - 000000000 ___DC C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-27 10:09 - 2017-04-22 20:44 - 000000000 ____D C:\Users\GL553VD\Documents\Assassin's Creed Unity
2017-08-27 00:21 - 2017-04-21 21:46 - 000000000 ____D C:\Users\GL553VD\AppData\LocalLow\Mozilla
2017-08-26 19:38 - 2017-04-22 06:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-26 19:29 - 2017-04-22 07:00 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-26 19:29 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-25 11:21 - 2017-05-06 17:30 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\uTorrent
2017-08-25 11:19 - 2017-04-22 06:59 - 000000000 ____D C:\Program Files (x86)\SMADAV
2017-08-25 11:18 - 2017-04-22 07:08 - 000000000 ____D C:\Users\GL553VD\AppData\Local\CrashDumps
2017-08-25 11:08 - 2017-04-22 06:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 11:05 - 2017-03-19 04:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-25 11:03 - 2017-04-22 07:01 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-25 11:03 - 2017-04-22 07:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-25 11:00 - 2017-06-28 21:51 - 000000000 ____D C:\Users\GL553VD\AppData\LocalLow\uTorrent
2017-08-25 10:59 - 2017-04-22 06:57 - 000000000 __SHD C:\Users\GL553VD\IntelGraphicsProfiles
2017-08-24 05:19 - 2017-04-22 07:08 - 000000000 ____D C:\ProgramData\Intel
2017-08-24 05:18 - 2017-04-22 06:57 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-23 21:05 - 2017-03-19 04:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-22 05:58 - 2017-03-19 03:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-20 14:08 - 2017-03-18 18:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-19 12:07 - 2017-04-22 18:16 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-18 11:37 - 2017-06-26 09:06 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-18 11:37 - 2017-04-22 07:01 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-18 11:36 - 2017-06-26 09:06 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-08-18 11:36 - 2017-06-26 09:06 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-08-18 11:13 - 2017-04-22 06:57 - 000002685 _____ C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-18 11:13 - 2017-04-22 06:57 - 000002677 _____ C:\Users\GL553VD\Desktop\Google Chrome.lnk
2017-08-18 01:11 - 2017-04-22 05:49 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-17 23:26 - 2017-05-08 09:28 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-15 14:52 - 2017-04-22 07:02 - 000000000 ____D C:\Users\GL553VD\AppData\Local\NVIDIA Corporation
2017-08-15 13:33 - 2017-04-22 11:26 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-13 17:18 - 2017-05-09 14:28 - 000000000 ____D C:\Users\GL553VD\AppData\Local\Ubisoft Game Launcher
2017-08-13 11:02 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-13 09:18 - 2017-04-22 06:49 - 000000000 ____D C:\Users\GL553VD\AppData\Local\Packages
2017-08-13 09:14 - 2017-04-22 06:58 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-13 09:11 - 2017-04-22 06:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-13 09:11 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-13 09:11 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 00:57 - 2017-04-22 18:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 00:55 - 2017-04-22 18:13 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-07 19:31 - 2017-05-13 22:19 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\vlc
2017-08-02 06:58 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-01 11:00 - 2017-04-22 06:59 - 000000730 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2017-08-01 11:00 - 2017-04-22 06:59 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Smadav
2017-07-30 21:55 - 2017-04-22 07:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-30 17:05 - 2017-05-25 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2017-07-30 16:47 - 2017-06-06 09:07 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\DMCache
2017-07-29 19:04 - 2017-06-21 19:20 - 000000000 ____D C:\Users\GL553VD\Documents\My Games
2017-07-29 19:03 - 2017-04-22 06:49 - 000000000 ____D C:\Users\GL553VD\AppData\Local\VirtualStore
2017-07-29 14:52 - 2017-03-19 04:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-29 14:51 - 2017-03-20 10:43 - 000000000 ____D C:\WINDOWS\OCR
2017-07-29 14:51 - 2017-03-19 04:06 - 000000000 ____D C:\WINDOWS\Setup
2017-07-29 09:32 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-29 08:05 - 2017-04-22 06:50 - 000002369 _____ C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-29 08:05 - 2017-04-22 06:50 - 000000000 ___RD C:\Users\GL553VD\OneDrive
2017-07-29 08:03 - 2017-03-19 04:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-07-29 08:02 - 2017-06-06 09:19 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-07-29 08:01 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-29 08:01 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-29 08:01 - 2017-03-18 18:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-29 08:00 - 2017-03-20 10:44 - 000000000 ____D C:\WINDOWS\HoloShell
2017-07-29 08:00 - 2017-03-19 04:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-29 08:00 - 2016-07-16 18:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-29 07:59 - 2017-03-19 04:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-07-29 07:58 - 2017-07-25 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate General Civil War
2017-07-29 07:58 - 2017-06-21 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2017
2017-07-29 07:58 - 2017-06-17 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-29 07:58 - 2017-05-28 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-07-29 07:58 - 2017-05-27 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attack on Titan Wings of Freedom
2017-07-29 07:58 - 2017-05-16 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2017-07-29 07:58 - 2017-05-13 00:00 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-07-29 07:58 - 2017-05-08 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-29 07:58 - 2017-05-08 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2016
2017-07-29 07:58 - 2017-05-08 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2016
2017-07-29 07:58 - 2017-05-08 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Installation Manager
2017-07-29 07:58 - 2017-05-07 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2016
2017-07-29 07:58 - 2017-05-04 12:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Connect Center
2017-07-29 07:58 - 2017-04-23 07:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearts of Iron IV Together for Victory
2017-07-29 07:58 - 2017-04-23 07:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 Wild Hunt
2017-07-29 07:58 - 2017-04-22 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Unity
2017-07-29 07:58 - 2017-04-22 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-07-29 07:58 - 2017-04-22 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-07-29 07:58 - 2017-04-22 07:10 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-07-29 07:58 - 2017-04-22 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2017-07-29 07:58 - 2017-04-22 07:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-07-29 07:58 - 2017-04-22 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2017-07-29 07:58 - 2017-04-22 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-07-29 07:58 - 2017-04-22 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-07-29 07:58 - 2017-04-22 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-07-29 07:58 - 2017-04-22 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2017-07-29 07:58 - 2017-04-22 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2017-07-29 07:58 - 2017-04-22 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-07-29 07:58 - 2017-04-22 06:57 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-07-29 07:58 - 2017-04-22 06:57 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-29 07:58 - 2017-04-22 06:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-29 07:58 - 2017-04-22 04:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteus 8 Professional
2017-07-29 07:56 - 2017-05-08 08:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-07-29 07:56 - 2017-05-08 07:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2017-07-29 07:56 - 2017-04-22 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-29 07:56 - 2017-04-22 07:11 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-07-29 07:56 - 2017-04-22 07:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-07-29 07:56 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-07-29 07:56 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-07-29 07:56 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-29 07:56 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-29 07:55 - 2017-07-03 11:42 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-07-29 07:55 - 2017-04-22 06:49 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-07-29 07:55 - 2016-07-16 18:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-29 07:54 - 2017-04-22 06:51 - 000000000 ____D C:\Intel
2017-07-29 07:54 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\Help
2017-07-29 07:54 - 2017-03-18 18:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
==================== Files in the root of some directories =======
2017-06-06 09:20 - 2017-06-06 09:20 - 000019894 _____ () C:\Users\GL553VD\AppData\Roaming\Geregatoc
2017-05-08 07:56 - 2017-05-15 05:26 - 000000000 _____ () C:\Users\GL553VD\AppData\Local\Temptable.xml
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\start.cmd
C:\WINDOWS\TEMP\gE637.tmp.exe

Some files in TEMP:
====================
2003-08-16 06:58 - 2003-08-16 06:58 - 001859680 ____N (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\EBU1A14.EXE
2003-08-16 06:56 - 2003-08-16 06:56 - 012443648 ____N (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\EBU1B5D.DLL
2017-08-24 05:18 - 2017-08-24 05:18 - 002768380 _____ () C:\Users\GL553VD\AppData\Local\Temp\installer_campaign_1877.exe
2017-08-13 16:00 - 2016-12-29 19:28 - 000351680 _____ (NVIDIA Corporation) C:\Users\GL553VD\AppData\Local\Temp\nvStInst.exe
2017-08-24 05:18 - 2017-08-24 05:18 - 006473728 _____ () C:\Users\GL553VD\AppData\Local\Temp\s2s.exe
2017-08-24 06:03 - 2011-01-12 11:00 - 000803216 _____ (WIBU-SYSTEMS AG) C:\Users\GL553VD\AppData\Local\Temp\Setup64.exe
2017-08-24 05:18 - 2017-08-24 05:18 - 000886434 _____ ( ) C:\Users\GL553VD\AppData\Local\Temp\SetupTextToTalk.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-13 11:00
==================== End of FRST.txt ============================
 
addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by GL553VD (27-08-2017 10:46:39)
Running from C:\Users\GL553VD\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-29 01:02:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-890557738-1276667348-2891567123-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-890557738-1276667348-2891567123-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-890557738-1276667348-2891567123-1000 - Limited - Disabled) => C:\Users\defaultuser0
GL553VD (S-1-5-21-890557738-1276667348-2891567123-1001 - Administrator - Enabled) => C:\Users\GL553VD
Guest (S-1-5-21-890557738-1276667348-2891567123-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Assassin's Creed Unity version 1.0 (HKLM-x32\...\{BFDE508D-7730-4538-BD22-F231500BB914}_is1) (Version: 1.0 - Ubisoft)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.14 - ASUS)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0049 - ASUS)
Attack on Titan Wings of Freedom (HKLM-x32\...\Attack on Titan Wings of Freedom_is1) (Version: - )
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.2.9 - ICEpower a/s)
Battlefield 1 (HKLM-x32\...\Battlefield 1_is1) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Connectify 2016 (HKLM\...\Connectify) (Version: 2016.0.10.37829 - Connectify)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Gaming Assistant (HKLM-x32\...\{C27B0A7C-BD18-46EF-984A-CCD2799F4CD4}) (Version: 1.0.3 - ASUS)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.8.5262 - Gretech Corporation)
Google Chrome (HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Hearts of Iron IV Together for Victory (HKLM-x32\...\Hearts of Iron IV Together for Victory_is1) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
K-Lite Codec Pack 5.4.4 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.4.4 - )
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Napoleon: Total War (HKLM\...\Steam App 34030) (Version: - The Creative Assembly)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version: - Bluehole, Inc.)
Pro Evolution Soccer 2017 (HKLM-x32\...\{A3C10274-808C-4ADC-A13D-D94911180B58}_is1) (Version: - KONAMI)
Proteus 8 Professional (HKLM-x32\...\{B8A525DB-6906-4F0C-92D7-33D55345E4E8}) (Version: 8.0.15417.0 - Labcenter Electronics)
Proteus 8 Professional (HKLM-x32\...\{BA9C523F-BB2D-40AF-80C5-F3F661F436BC}) (Version: 8.4.21079.0 - Labcenter Electronics)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.11 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7926 - Realtek Semiconductor Corp.)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.)
ROG Aura Core (HKLM-x32\...\{24D10379-1ED5-4949-A024-991131A992D9}) (Version: 1.0.1 - ASUS)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.0.2 - ASUS)
SearchAwesome (HKLM\...\1d31221886f85c0fbbb38d4251403c4d) (Version: 13.14.1.15 (i1.0) - SearchAwesome) <==== ATTENTION
SMADAV version 11.4.4 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.4.4 - Smadsoft)
SOLIDWORKS 2016 x64 Edition SP01 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.110.45 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP01 (HKLM-x32\...\SolidWorks Installation Manager 20160-40100-1100-100) (Version: 24.1.0.45 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP01 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.10.45 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP01 (HKLM\...\{629ECC69-6A9F-4B03-801C-D396A3576A78}) (Version: 16.1.0029 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2016 SP01 x64 Edition (HKLM\...\{41E08694-1890-4B39-9D1C-B9D27A1D67B3}) (Version: 24.10.45 - Dassault Systemes SolidWorks Corp) Hidden
STCServ (HKLM\...\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}) (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeraCopy 3.0 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
Tom Clancy's The Division (HKLM\...\Steam App 365590) (Version: - Massive Entertainment)
Total War - SHOGUN 2 (HKLM-x32\...\Total War - SHOGUN 2_is1) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultimate General Civil War (HKLM-x32\...\Ultimate General Civil War_is1) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (09/23/2016 11.0.0.14) (HKLM\...\F95583A62AB902A3FC263F668380483F9E0113CD) (Version: 09/23/2016 11.0.0.14 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-890557738-1276667348-2891567123-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-890557738-1276667348-2891567123-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-10] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-01-10] ()
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc64.dll [2017-06-08] (Smadsoft)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-10] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-01-10] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc64.dll [2017-06-08] (Smadsoft)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-10] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-01-10] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E7F7483-2EDA-44C8-9FAC-B6C5F80BF919} - System32\Tasks\AuditWiz 2005 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\AuditWiz 2005\AuditWiz 2005.dll",bTFkcxolM <==== ATTENTION
Task: {17A04C7D-B757-4B68-8BDB-E2702C7E1F71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {1B1A4A08-F124-49EA-8B21-B7962F57E2D1} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)
Task: {1C41D66F-BB4F-454B-AFD7-445831FA68AC} - System32\Tasks\1d31221886f85c0fbbb38d4251403c4d => sc start 1d31221886f85c0fbbb38d4251403c4d <==== ATTENTION
Task: {2745532A-4EF1-4497-B81A-89A4ACB700B5} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [2016-10-22] (ASUSTek Computer Inc.)
Task: {2A979EE4-DA02-4053-B079-386C576E8961} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-02] (Realtek Semiconductor)
Task: {32EA04DE-0E37-4004-99AE-E6A7662F5E9E} - System32\Tasks\{20315727-BC5A-434B-A40D-60894920FE96} => C:\Windows\system32\pcalua.exe -a "D:\Games\Total War - SHOGUN 2\Shogun2.exe" -d "D:\Games\Total War - SHOGUN 2"
Task: {4125D79A-3BC8-4E8F-B317-94777B462D07} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-23] (ASUSTek Computer Inc.)
Task: {52CE9334-B0CD-47A3-821B-5553764EDF7E} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-02] ()
Task: {6B5C0CA6-E273-459E-98CD-4C46CBDA0C40} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-15] (ASUSTek Computer Inc.)
Task: {6E75F6AE-47CA-4CD8-A92C-3BCB12B29C9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-13] (Adobe Systems Incorporated)
Task: {7EAF4F59-96B2-4F43-9CA9-2032C185242F} - System32\Tasks\{6A35350E-164D-43E1-9087-2F4DBED450DC} => C:\Windows\system32\pcalua.exe -a C:\Users\GL553VD\AppData\Local\{BD488B14-99E0-E7AC-F478-C244D0103EDC}\uninst.exe -c -P=/Uninstall /s /noun /DelSelfDir
Task: {883C9DA2-D017-49BC-9AA7-44CBA4A576BA} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2017-08-01] (Smadsoft)
Task: {9B4F4EC5-B02C-44AC-B422-4F566B50C21B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-02] ()
Task: {A1CB4265-C58B-4A0C-B5E7-557B75CE153C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-09-02] (Realtek Semiconductor)
Task: {AA709456-2C1D-4DDC-A42C-95F47BD9CCCD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {AE08B0F8-1583-4196-A3D9-0BCCB4BEBEC9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-27] (Intel(R) Corporation)
Task: {BB01E093-29E7-40B5-B8B3-DD94B4F99026} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-02] ()
Task: {C35BF170-9FF8-4F5E-8564-9EF74C638EF4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-890557738-1276667348-2891567123-1001UA => C:\Users\GL553VD\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-19] (Google Inc.)
Task: {C8C718AF-6D4C-4B85-9F03-F56B8E73492F} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {C8FEA893-4D04-4100-8A6B-4BE9B87E10B7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {C9521F4E-7608-4E12-A620-E475876FA37E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-890557738-1276667348-2891567123-1001Core => C:\Users\GL553VD\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-19] (Google Inc.)
Task: {D27BCCF7-01F5-40B6-AF9D-624DF3CD155D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {D81639B7-1AD5-455F-A79A-EEDB77AA004B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {D966ECC6-90CD-4340-AE19-B25E3E88ABFA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {E73750BE-0ACD-4EC2-A563-EA17005B96A5} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-23] (ASUSTek Computer Inc.)
Task: {EF853378-E41B-41CF-8215-1536C6BC9482} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {FAA7A89E-56C9-485B-80F7-10E1EF946639} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {FCBD816B-CA62-4C16-93C4-C7D233831058} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {FFEA1506-ACB1-435F-B267-FEA6CA15F84E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-08-25] (ASUSTek Computer Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Activision Value\The History Channel - Civil War\Activision Value Homepage.lnk -> hxxp://www.activisionvalue.com
ShortcutWithArgument: C:\Users\GL553VD\Desktop\Google Chrome.lnk -> C:\Users\GL553VD\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD%2FyyA7jflmK0yg8qceD7pVm2I%2BVJtvjfVwAic%3D
ShortcutWithArgument: C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Users\GL553VD\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD%2FyyA7jflmK0yg8qceD7pVm2I%2BVJtvjfVwAic%3D
ShortcutWithArgument: C:\Users\GL553VD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\GL553VD\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD%2FyyA7jflmK0yg8qceD7pVm2I%2BVJtvjfVwAic%3D
==================== Loaded Modules (Whitelisted) ==============
2017-07-19 09:50 - 2017-07-19 09:50 - 003302400 _____ () C:\ProgramData\Windows\System32\Mswapi64.dll
2017-07-11 07:33 - 2017-07-11 07:33 - 001364168 ____N () C:\Windows\system32\LanmaMasterHelp.dll
2017-05-09 14:25 - 2017-05-09 14:25 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2004-11-09 16:35 - 2004-11-09 16:35 - 000057344 _____ () C:\WINDOWS\opcddemg.exe
2017-08-24 05:19 - 2017-08-16 10:47 - 003972074 _____ () C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
2017-03-19 03:58 - 2017-03-19 03:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2010-01-30 16:40 - 2010-01-30 16:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-25 11:38 - 2010-03-25 11:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-04-22 06:57 - 2012-01-10 09:44 - 000193536 _____ () C:\Program Files\WinRAR\rarext.dll
2017-04-22 06:59 - 2016-12-08 06:40 - 003681104 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2017-05-08 09:28 - 2017-08-18 11:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-08 11:36 - 2017-06-08 11:36 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 19:09 - 2017-07-25 19:09 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 19:09 - 2017-07-25 19:09 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-23 21:03 - 2017-08-23 21:03 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 21:03 - 2017-08-23 21:03 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 21:03 - 2017-08-23 21:03 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 21:03 - 2017-08-23 21:03 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-19 03:59 - 2017-03-20 10:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 21:04 - 2017-08-23 21:05 - 024502272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-08-23 21:04 - 2017-08-23 21:05 - 009145344 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-09 00:33 - 2017-08-09 00:34 - 003544488 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-23 21:04 - 2017-08-23 21:05 - 011159040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-07-23 13:17 - 2017-07-23 13:18 - 001079808 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\Sqlite.dll
2017-05-04 06:47 - 2017-05-04 06:47 - 006078976 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\BackEndWin10Univ.dll
2017-07-23 13:17 - 2017-07-23 13:18 - 000034304 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\VoipHost.exe
2017-07-26 18:13 - 2017-07-26 18:14 - 032960512 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-07-26 18:13 - 2017-07-26 18:13 - 009161728 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-07-14 07:43 - 2017-07-14 07:44 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-26 18:13 - 2017-07-26 18:14 - 013154304 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-03-19 03:58 - 2017-03-19 03:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-07-11 07:33 - 2017-07-11 07:33 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-07-11 07:33 - 2017-07-11 07:33 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2017-06-14 14:39 - 2017-06-14 14:39 - 000208384 _____ () C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
2017-05-07 13:19 - 2016-11-18 20:52 - 000898616 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2016-10-06 11:17 - 2016-10-06 11:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 18:47 - 2017-08-24 06:01 - 000014306 _____ C:\WINDOWS\system32\Drivers\etc\hosts
There are 357 more lines.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{13C5FF8D-B9AA-4B1E-9697-92428D8F6DE4}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{C21008B5-76AE-492E-A9A3-08F566B907B4}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [{BDFED0FE-F954-470B-91AF-2DAEE6A4DD19}] => (Allow) D:\Games\Program Games\Steam\Steam.exe
FirewallRules: [{326E1F60-0ED4-4A19-835C-8EF9D54D78E1}] => (Allow) D:\Games\Program Games\Steam\Steam.exe
FirewallRules: [{4FB5657D-3F9D-4E48-85B0-62173793EDAC}] => (Allow) D:\Games\Program Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B77117D1-F4E4-495A-A43B-0078A9A6CF6F}] => (Allow) D:\Games\Program Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
==================== Restore Points =========================
24-08-2017 06:01:01 Clear
24-08-2017 06:15:53 Clear
24-08-2017 06:16:43 CLEAR(this)
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/27/2017 10:11:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\labcenter electronics\proteus 8 professional\bin\LUAC.EXE".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/27/2017 10:09:32 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/27/2017 10:09:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/27/2017 10:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3312
Error: (08/27/2017 10:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3312
Error: (08/27/2017 10:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/27/2017 10:09:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2203
Error: (08/27/2017 10:09:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2203
Error: (08/27/2017 10:09:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/27/2017 10:09:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1031

System errors:
=============
Error: (08/27/2017 10:34:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
Error: (08/27/2017 10:33:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/27/2017 10:09:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/27/2017 10:08:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/27/2017 12:16:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/26/2017 07:29:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS HID Access Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/26/2017 07:26:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/25/2017 11:59:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/25/2017 02:04:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/25/2017 02:03:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2017-08-27 10:45:51.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-27 10:45:51.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Windows\System32\Mswapi64.dll that did not meet the security requirements for Shared Sections.
Date: 2017-08-27 10:45:51.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-27 10:45:51.907
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Windows\System32\Mswapi64.dll that did not meet the security requirements for Shared Sections.
Date: 2017-08-27 10:45:47.614
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-27 10:45:47.612
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Windows\System32\Mswapi64.dll that did not meet the security requirements for Shared Sections.
Date: 2017-08-27 10:45:47.612
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-27 10:45:47.610
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Windows\System32\Mswapi64.dll that did not meet the security requirements for Shared Sections.
Date: 2017-08-27 10:45:44.742
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-27 10:45:44.740
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Windows\System32\Mswapi64.dll that did not meet the security requirements for Shared Sections.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 16265.07 MB
Available physical RAM: 9831.72 MB
Total Virtual: 18697.07 MB
Available Virtual: 12132.74 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.85 GB) (Free:39.83 GB) NTFS
Drive d: () (Fixed) (Total:465.74 GB) (Free:150.53 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:51.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

Uninstall the following unwanted program: SearchAwesome.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I can't uninstall the SearchAwesome program in my control panel; every time I click on it, nothing pops up or changes. Can I skip that one, or is there any way I can uninstall that program without the control panel? Because I couldn't find that program in any folder.
 
rk_6D8F
RogueKiller V12.11.11.0 (x64) [Aug 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : GL553VD [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/28/2017 12:27:35 (Duration : 00:25:25)
Switches : -refid
¤¤¤ Processes : 20 ¤¤¤
[Tr.Egguard] svchost.exe(2028) -- c:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] spoolsv.exe(2944) -- C:\Windows\System32\spoolsv.exe[-] -> Found
[Tr.Egguard] svchost.exe(3144) -- c:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] svchost.exe(3180) -- C:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] svchost.exe(3236) -- c:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] svchost.exe(3768) -- c:\Windows\System32\svchost.exe[7] -> Found
[Adw.Wizzcaster] Connectifyd.exe(4544) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe[7] -> Found
[Tr.Egguard] svchost.exe(6484) -- c:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] svchost.exe(1180) -- c:\Windows\System32\svchost.exe[7] -> Found
[Adw.Wizzcaster|Tr.Egguard] QwzVnJGAa9.exe(10884) -- C:\Program Files\Microsoft Office\M0R9OHCQHMU6RD\QwzVnJGAa9.exe[-] -> Found
[Tr.Egguard] svchost.exe(11812) -- c:\Windows\System32\svchost.exe[7] -> Found
[Adw.Wizzcaster|Adw.Tuto4PC|Tr.Egguard|VT.Adware.Tuto4PC.Generic] _2Hl'iLnhç.exe(12616) -- C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe[-] -> Found
[Tr.Egguard] svchost.exe(3536) -- c:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] svchost.exe(8636) -- c:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] smartscreen.exe(10680) -- C:\Windows\System32\smartscreen.exe[-] -> Found
[Tr.Egguard] svchost.exe(16128) -- C:\Windows\System32\svchost.exe[7] -> Found
[Tr.Egguard] rundll32.exe(15384) -- C:\Windows\System32\rundll32.exe[-] -> Found
[Suspicious.Path|VT.Trojan/Win64.Eroyee.C1992162] gEA21.tmp.exe(15236) -- C:\Windows\Temp\gEA21.tmp.exe[-] -> Found
[Suspicious.Path|Tr.Egguard|VT.Trojan.SafeGuard.WnskRST] Mswapi64.dll(15384) -- C:\ProgramData\Windows\System32\Mswapi64.dll[-] -> Found
[Root.Wajam|VT.malicious_confidence_60% (D)] (SVC) 8e44f3b89f0a25c00337268e396acc08 -- \??\C:\WINDOWS\system32\drivers\8e44f3b89f0a25c00337268e396acc08.sys[7] -> Found
¤¤¤ Registry : 41 ¤¤¤
[Suspicious.Path|Tr.Egguard|VT.Trojan.SafeGuard.WnskRST] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001 | LibraryPath : C:\ProgramData\Windows\System32\Mswapi64.dll [-] -> Found
[Suspicious.Path|Tr.Egguard|VT.Trojan.SafeGuard.WnskRST] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001 | LibraryPath : C:\ProgramData\Windows\System32\Mswapi64.dll [-] -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{BFD6B750-C600-456A-BB8F-FA18D10F2C1B} (C:\Program Files (x86)\WindowsTM\TMDeskBand.dll) -> Found
[Adw.Wizzcaster] (X64) HKEY_LOCAL_MACHINE\Software\Speedownloader0099 -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Texttotalk -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Jogotempo -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SkypeUpdateEx -> Found
[Adw.Wizzcaster] (X86) HKEY_LOCAL_MACHINE\Software\Speedownloader0099 -> Found
[Tr.Gen] (X86) HKEY_LOCAL_MACHINE\Software\WMPNetworkAcSvc -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Amigo -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CoinisRevShare -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CpuzApp -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\csastats -> Found
[Adw.FastDataX] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\FastDataX -> Found
[Adw.WifiHotSpot] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Hotspot -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\ProductSetup -> Found
[Adw.Wizzcaster] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Speedownloader0099 -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Amigo -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CoinisRevShare -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CpuzApp -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\csastats -> Found
[Adw.FastDataX] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\FastDataX -> Found
[Adw.WifiHotSpot] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Hotspot -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\ProductSetup -> Found
[Adw.Wizzcaster] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Speedownloader0099 -> Found
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\gplyra -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[BitMiner.Gen0|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | gplyra : C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\start.cmd [-] -> Found
[Suspicious.Path|VT.HackTool:Win32/AutoKMS!rfn] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | DESKTOP-HHD7U7V : C:\WINDOWS\TEMP\gEA20.tmp.exe [-] -> Found
[Adw.Tuto4PC|VT.Adware.Tuto4PC.Generic] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Lahin_Raw_barra_al3eb_b3id__2Hl'iLnhç.exe : "C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe" [-] -> Found
[Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1d31221886f85c0fbbb38d4251403c4d ("C:\Program Files\1d31221886f85c0fbbb38d4251403c4d\1cf0d4ba009c0a7c9a502498cc1ddff5.exe") -> Found
[Root.Wajam|VT.malicious_confidence_60% (D)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\8e44f3b89f0a25c00337268e396acc08 (\??\C:\WINDOWS\system32\drivers\8e44f3b89f0a25c00337268e396acc08.sys) -> Found
[Adw.ChinAd] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmaMaster (\??\C:\WINDOWS\system32\drivers\lanmamaster.sys) -> Found
[Tr.Gen|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkAcSvc ("C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe") -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 21 ¤¤¤
[PUP|PUP][Folder] C:\ProgramData\Microleaves -> Found
[Hj.Shortcut][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe https://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD/yyA7jflmK0yg8qceD7pVm2I+VJtvjfVwAic= -> Found
[Adw.ChinAd][File] C:\Windows\System32\LanmaMasterHelp.dll -> Found
[Root.Wajam][File] C:\Windows\System32\drivers\8e44f3b89f0a25c00337268e396acc08.sys -> Found
[Adw.ChinAd][File] C:\Windows\System32\drivers\lanmamaster.sys -> Found
[BitMiner.Gen0][Folder] C:\Users\GL553VD\AppData\Roaming\gplyra -> Found
[PUP|PUP][Folder] C:\Users\GL553VD\AppData\Roaming\Microleaves -> Found
[Tr.Gen0][File] C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[Tr.Gen][Folder] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc -> Found
[PUP][Folder] C:\Users\GL553VD\AppData\Local\AdvinstAnalytics -> Found
[PUP][File] C:\Users\GL553VD\AppData\Local\ed1298a45f9749e198d43d272e433ec4\1g9FR1xMslvmB.exe -> Found
[PUP][File] C:\ProgramData\f84cbd88e2ed4b019af890a81efaba4c\EudnVUuam5XgCd.exe -> Found
[PUP|PUP][Folder] C:\ProgramData\Microleaves -> Found
[PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogotempo -> Found
[Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe https://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD/yyA7jflmK0yg8qceD7pVm2I+VJtvjfVwAic= -> Found
[Tr.Egguard][File] C:\ProgramData\Windows\System32\Mswapi64.dll -> Found
[Adw.Tuto4PC][File] C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe -> Found
[PUP][Folder] C:\Program Files (x86)\WindowsTM -> Found
[Hj.Shortcut][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe https://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD/yyA7jflmK0yg8qceD7pVm2I+VJtvjfVwAic= -> Found
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS128G39TND-N210A +++++
--- User ---
[MBR] b138114d6bf4c46d6813adb68b152026
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 120673 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 248301568 | Size: 862 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 72d802927eba00916c896a4d2a5b29a4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 16 MB
1 - Basic data partition | Offset (sectors): 34816 | Size: 476918 MB
2 - Basic data partition | Offset (sectors): 976762880 | Size: 476934 MB
User = LL1 ... OK
User = LL2 ... OK
 
rk_94D1.tmp
RogueKiller V12.11.11.0 (x64) [Aug 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : GL553VD [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/28/2017 12:27:35 (Duration : 00:25:25)
Switches : -refid
¤¤¤ Processes : 20 ¤¤¤
[Tr.Egguard] svchost.exe(2028) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] spoolsv.exe(2944) -- C:\Windows\System32\spoolsv.exe[-] -> [NoKill]
[Tr.Egguard] svchost.exe(3144) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] svchost.exe(3180) -- C:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] svchost.exe(3236) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] svchost.exe(3768) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Adw.Wizzcaster] Connectifyd.exe(4544) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe[7] -> Killed [TermProc]
[Tr.Egguard] svchost.exe(6484) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] svchost.exe(1180) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Adw.Wizzcaster|Tr.Egguard] QwzVnJGAa9.exe(10884) -- C:\Program Files\Microsoft Office\M0R9OHCQHMU6RD\QwzVnJGAa9.exe[-] -> Killed [TermProc]
[Tr.Egguard] svchost.exe(11812) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Adw.Wizzcaster|Adw.Tuto4PC|Tr.Egguard|VT.Adware.Tuto4PC.Generic] _2Hl'iLnhç.exe(12616) -- C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe[-] -> Killed [TermProc]
[Tr.Egguard] svchost.exe(3536) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] svchost.exe(8636) -- c:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] smartscreen.exe(10680) -- C:\Windows\System32\smartscreen.exe[-] -> Killed [TermThr]
[Tr.Egguard] svchost.exe(16128) -- C:\Windows\System32\svchost.exe[7] -> [NoKill]
[Tr.Egguard] rundll32.exe(15384) -- C:\Windows\System32\rundll32.exe[-] -> Killed [TermProc]
[Suspicious.Path|VT.Trojan/Win64.Eroyee.C1992162] gEA21.tmp.exe(15236) -- C:\Windows\Temp\gEA21.tmp.exe[-] -> Killed [TermProc]
[Suspicious.Path|Tr.Egguard|VT.Trojan.SafeGuard.WnskRST] Mswapi64.dll(15384) -- C:\ProgramData\Windows\System32\Mswapi64.dll[-] -> Found
[Root.Wajam|VT.malicious_confidence_60% (D)] (SVC) 8e44f3b89f0a25c00337268e396acc08 -- \??\C:\WINDOWS\system32\drivers\8e44f3b89f0a25c00337268e396acc08.sys[7] -> Stopped
¤¤¤ Registry : 41 ¤¤¤
[Suspicious.Path|Tr.Egguard|VT.Trojan.SafeGuard.WnskRST] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001 | LibraryPath : C:\ProgramData\Windows\System32\Mswapi64.dll [-] ->
[Suspicious.Path|Tr.Egguard|VT.Trojan.SafeGuard.WnskRST] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001 | LibraryPath : C:\ProgramData\Windows\System32\Mswapi64.dll [-] ->
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{BFD6B750-C600-456A-BB8F-FA18D10F2C1B} (C:\Program Files (x86)\WindowsTM\TMDeskBand.dll) -> Not selected
[Adw.Wizzcaster] (X64) HKEY_LOCAL_MACHINE\Software\Speedownloader0099 -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Texttotalk -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Jogotempo -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SkypeUpdateEx -> Not selected
[Adw.Wizzcaster] (X86) HKEY_LOCAL_MACHINE\Software\Speedownloader0099 -> Deleted
[Tr.Gen] (X86) HKEY_LOCAL_MACHINE\Software\WMPNetworkAcSvc -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Amigo -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CoinisRevShare -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CpuzApp -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\csastats -> Not selected
[Adw.FastDataX] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\FastDataX -> Deleted
[Adw.WifiHotSpot] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Hotspot -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\ProductSetup -> Not selected
[Adw.Wizzcaster] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Speedownloader0099 -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Amigo -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CoinisRevShare -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CpuzApp -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\csastats -> Not selected
[Adw.FastDataX] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\FastDataX -> Deleted
[Adw.WifiHotSpot] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Hotspot -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\ProductSetup -> Not selected
[Adw.Wizzcaster] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Speedownloader0099 -> Deleted
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\gplyra -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Not selected
[BitMiner.Gen0|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | gplyra : C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\start.cmd [-] -> Deleted
[Suspicious.Path|VT.HackTool:Win32/AutoKMS!rfn] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | DESKTOP-HHD7U7V : C:\WINDOWS\TEMP\gEA20.tmp.exe [-] -> Deleted
[Adw.Tuto4PC|VT.Adware.Tuto4PC.Generic] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Lahin_Raw_barra_al3eb_b3id__2Hl'iLnhç.exe : "C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe" [-] -> Deleted
[Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1d31221886f85c0fbbb38d4251403c4d ("C:\Program Files\1d31221886f85c0fbbb38d4251403c4d\1cf0d4ba009c0a7c9a502498cc1ddff5.exe") -> Deleted
[Root.Wajam|VT.malicious_confidence_60% (D)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\8e44f3b89f0a25c00337268e396acc08 (\??\C:\WINDOWS\system32\drivers\8e44f3b89f0a25c00337268e396acc08.sys) -> Deleted
[Adw.ChinAd] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmaMaster (\??\C:\WINDOWS\system32\drivers\lanmamaster.sys) -> Deleted
[Tr.Gen|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkAcSvc ("C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe") -> Deleted
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Not selected
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 21 ¤¤¤
[PUP|PUP][Folder] C:\ProgramData\Microleaves -> Removed at reboot [91]
[PUP|PUP][Folder] C:\ProgramData\Microleaves\Online Application -> ERROR [5]
[Hj.Shortcut][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe https://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD/yyA7jflmK0yg8qceD7pVm2I+VJtvjfVwAic= -> Shortcut cleaned
[Adw.ChinAd][File] C:\Windows\System32\LanmaMasterHelp.dll -> Removed at reboot [5]
[Root.Wajam][File] C:\Windows\System32\drivers\8e44f3b89f0a25c00337268e396acc08.sys -> Deleted
[Adw.ChinAd][File] C:\Windows\System32\drivers\lanmamaster.sys -> Removed at reboot [5]
[BitMiner.Gen0][Folder] C:\Users\GL553VD\AppData\Roaming\gplyra -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\decredGeForce GTX 1050gw256l4tc8128.bin -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\gplyra.conf -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\aes_helper.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\blake.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\blake256.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\bmw.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\bmw256.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\cubehash.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\darkcoin-mod.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\decred.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\echo.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\fugue.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\groestl.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\groestl256.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\jh.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\keccak.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\keccak1600.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\luffa.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\lyra2.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\lyra2re.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\lyra2rev2.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\lyra2v2.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\neoscrypt.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\shabal.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\shavite.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\simd.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\skein.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\skein256.cl -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel\vanilla.cl -> Deleted
[BitMiner.Gen0][Folder] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\kernel -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\msvcr120.dll -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\start.cmd -> Deleted
[BitMiner.Gen0][Folder] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra -> Deleted
[BitMiner.Gen0][File] C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra-uninst.exe -> Deleted
[PUP|PUP][Folder] C:\Users\GL553VD\AppData\Roaming\Microleaves -> Deleted
[PUP|PUP][File] C:\Users\GL553VD\AppData\Roaming\Microleaves\Online Application 2.6.0\install\CFCBAA1\Basic Installer with memory detection Amonetize.msi -> Deleted
[PUP|PUP][Folder] C:\Users\GL553VD\AppData\Roaming\Microleaves\Online Application 2.6.0\install\CFCBAA1 -> Deleted
[PUP|PUP][Folder] C:\Users\GL553VD\AppData\Roaming\Microleaves\Online Application 2.6.0\install -> Deleted
[PUP|PUP][Folder] C:\Users\GL553VD\AppData\Roaming\Microleaves\Online Application 2.6.0 -> Deleted
[Tr.Gen0][File] C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Removed at reboot [5]
[Tr.Gen][Folder] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc -> Removed at reboot [91]
[Tr.Gen][File] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\config.ini -> Deleted
[Tr.Gen][File] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\pg2.0.0.6.exe -> Deleted
[Tr.Gen][File] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\st.con -> Deleted
[Tr.Gen][File] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\st.log -> Deleted
[Tr.Gen][File] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\svc_client.exe.old.bak- -> Deleted
[Tr.Gen][File] C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe -> Removed at reboot [5]
[PUP][Folder] C:\Users\GL553VD\AppData\Local\AdvinstAnalytics -> Deleted
[PUP][File] C:\Users\GL553VD\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf\2.6.0\tracking.ini -> Deleted
[PUP][Folder] C:\Users\GL553VD\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf\2.6.0 -> Deleted
[PUP][Folder] C:\Users\GL553VD\AppData\Local\AdvinstAnalytics\57bec79515c1ec525f8858bf -> Deleted
[PUP][File] C:\Users\GL553VD\AppData\Local\ed1298a45f9749e198d43d272e433ec4\1g9FR1xMslvmB.exe -> Removed at reboot [5]
[PUP][File] C:\ProgramData\f84cbd88e2ed4b019af890a81efaba4c\EudnVUuam5XgCd.exe -> Deleted
[PUP|PUP][Folder] C:\ProgramData\Microleaves -> Removed at reboot [91]
[PUP|PUP][Folder] C:\ProgramData\Microleaves\Online Application\updates -> ERROR [5]
[PUP|PUP][Folder] C:\ProgramData\Microleaves\Online Application -> Removed at reboot [91]
[PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogotempo -> Deleted
[PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogotempo\Jogotempo.lnk -> Deleted
[Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe https://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD/yyA7jflmK0yg8qceD7pVm2I+VJtvjfVwAic= -> Shortcut cleaned
[Tr.Egguard][File] C:\ProgramData\Windows\System32\Mswapi64.dll -> Removed at reboot [5]
[Adw.Tuto4PC][File] C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\WindowsTM -> Deleted
[Hj.Shortcut][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe https://launchpage.org/?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD/yyA7jflmK0yg8qceD7pVm2I+VJtvjfVwAic= -> Shortcut cleaned
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS128G39TND-N210A +++++
--- User ---
[MBR] b138114d6bf4c46d6813adb68b152026
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 120673 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 248301568 | Size: 862 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 72d802927eba00916c896a4d2a5b29a4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 16 MB
1 - Basic data partition | Offset (sectors): 34816 | Size: 476918 MB
2 - Basic data partition | Offset (sectors): 976762880 | Size: 476934 MB
User = LL1 ... OK
User = LL2 ... OK
 
I can't download both Malwarebytes and AdwCleaner. It says that the signature of the file is corrupted or invalid, and when I try to run it anyway it says this app has been blocked for your protection. What should I do? I've tried to download it on another PC, but it says the same thing when I try to install it.
 
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 8/29/17
Scan Time: 2:32 AM
Log File: ac46d91e-8c27-11e7-86b7-88d7f622ed35.json
Administrator: Yes
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2652
License: Free
-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: DESKTOP-HHD7U7V\GL553VD
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408057
Threats Detected: 253
Threats Quarantined: 253
Time Elapsed: 1 min, 55 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 3
Adware.Agent.Generic, C:\PROGRAMDATA\{463679EF-F19D-CE44-CE4D-4D23EE71AEB0}\F97F655F-4ED4-D2F4-5C4F-1AFF68C9AD8B.exe, Quarantined, [1411], [331038],1.0.2652
Adware.Agent.Generic, C:\PROGRAMDATA\{B9F9642F-0E52-D384-2BEC-FB199A208E24}\EF3C8478-5897-33D3-F18A-9C097362FF41.exe, Quarantined, [1411], [331038],1.0.2652
RiskWare.BitCoinMiner, C:\WINDOWS\TEMP\GEA21.TMP.EXE, Quarantined, [94], [423158],1.0.2652
Module: 20
Adware.Agent.Generic, C:\PROGRAMDATA\{463679EF-F19D-CE44-CE4D-4D23EE71AEB0}\F97F655F-4ED4-D2F4-5C4F-1AFF68C9AD8B.exe, Quarantined, [1411], [331038],1.0.2652
Adware.Agent.Generic, C:\PROGRAMDATA\{B9F9642F-0E52-D384-2BEC-FB199A208E24}\EF3C8478-5897-33D3-F18A-9C097362FF41.exe, Quarantined, [1411], [331038],1.0.2652
Adware.Egguard.WnskRST, C:\PROGRAMDATA\WINDOWS\SYSTEM32\Mswapi64.dll, Quarantined, [158], [422399],1.0.2652
RiskWare.BitCoinMiner, C:\WINDOWS\TEMP\GEA21.TMP.EXE, Quarantined, [94], [423158],1.0.2652
Registry Key: 117
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Delete-on-Reboot, [5334], [425124],1.0.2652
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{780E7947-790E-0579-7911-0C7A0D0B117D}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A53F86D-664C-42C5-A7D1-A4BEB5FE4257}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A53F86D-664C-42C5-A7D1-A4BEB5FE4257}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2D2EE9E-0F17-AE1A-1E6D-4136C4F92719}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E1AD140-90D8-4391-9E9C-DE6813B6E9E5}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E1AD140-90D8-4391-9E9C-DE6813B6E9E5}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66864559-D12D-F2F2-00ED-0835A31A33EA}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7DE9703-02F0-41EE-ABAB-70970106822D}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7DE9703-02F0-41EE-ABAB-70970106822D}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9301C58F-24AA-7224-0851-094DAE076703}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D057713D-3FA0-493C-BEA3-7CA901386708}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D057713D-3FA0-493C-BEA3-7CA901386708}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1d31221886f85c0fbbb38d4251403c4d, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C41D66F-BB4F-454B-AFD7-445831FA68AC}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1C41D66F-BB4F-454B-AFD7-445831FA68AC}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\CONSOLE\TASKENG.EXE, Delete-on-Reboot, [5334], [425125],1.0.2652
Adware.Egguard.WnskRST, HKLM\SOFTWARE\CLASSES\TYPELIB\{8A1367D3-9453-4C05-A220-772AFF310C90}, Delete-on-Reboot, [158], [422399],1.0.2652
Adware.Egguard.WnskRST, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8A1367D3-9453-4C05-A220-772AFF310C90}, Delete-on-Reboot, [158], [422399],1.0.2652
Adware.Egguard.WnskRST, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{8A1367D3-9453-4C05-A220-772AFF310C90}, Delete-on-Reboot, [158], [422399],1.0.2652
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [318], [-1],0.0.0
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Delete-on-Reboot, [5548], [406765],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Delete-on-Reboot, [5548], [406766],1.0.2652
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [22], [260247],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Delete-on-Reboot, [5548], [406767],1.0.2652
Adware.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Delete-on-Reboot, [1702], [424293],1.0.2652
PUP.Optional.InstallCore, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\csastats, Delete-on-Reboot, [2], [260986],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Delete-on-Reboot, [5548], [406768],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Delete-on-Reboot, [5548], [406765],1.0.2652
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{36792463}, Delete-on-Reboot, [22], [260250],1.0.2652
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1d31221886f85c0fbbb38d4251403c4d, Delete-on-Reboot, [4618], [424836],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Delete-on-Reboot, [5548], [406769],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Delete-on-Reboot, [5548], [406766],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Delete-on-Reboot, [5548], [406770],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Delete-on-Reboot, [5548], [406767],1.0.2652
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Delete-on-Reboot, [5548], [406773],1.0.2652
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [22], [260247],1.0.2652
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [83], [170024],1.0.2652
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [83], [170024],1.0.2652
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [83], [170024],1.0.2652
Trojan.Wdfload.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Code Easy Toolbar, Delete-on-Reboot, [4247], [-1],0.0.0
Trojan.Wdfload.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E4BB9C-7965-434A-B29C-55D46BE45878}, Delete-on-Reboot, [4247], [-1],0.0.0
Trojan.Wdfload.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D1E4BB9C-7965-434A-B29C-55D46BE45878}, Delete-on-Reboot, [4247], [-1],0.0.0
Registry Value: 21
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Delete-on-Reboot, [5334], [425124],1.0.2652
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Delete-on-Reboot, [5334], [425125],1.0.2652
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Delete-on-Reboot, [5334], [425126],1.0.2652
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Delete-on-Reboot, [318], [391291],1.0.2652
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Delete-on-Reboot, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Delete-on-Reboot, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Delete-on-Reboot, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [318], [-1],0.0.0
PUP.Optional.NotChromeRun, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CHROMIUM, Delete-on-Reboot, [1377], [391151],1.0.2652
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{36792463}|1, Delete-on-Reboot, [22], [260250],1.0.2652
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1d31221886f85c0fbbb38d4251403c4d|DISPLAYNAME, Delete-on-Reboot, [4618], [424836],1.0.2652
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{DBA3DA76-48E3-4EE7-B2B0-8954282547EE}|AUTOCONFIGURL, Delete-on-Reboot, [318], [391290],1.0.2652
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{267f612f-6a2d-4b38-9850-304ae69b223a}|NAMESERVER, Delete-on-Reboot, [5611], [260227],1.0.2652
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{533390e2-d7f8-4773-a4e5-08b527bd7316}|NAMESERVER, Delete-on-Reboot, [5611], [260227],1.0.2652
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}|NAMESERVER, Delete-on-Reboot, [5611], [260227],1.0.2652
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{738df7f4-7250-492d-8dae-95577e759750}|NAMESERVER, Delete-on-Reboot, [5611], [260227],1.0.2652
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES|, Delete-on-Reboot, [318], [391288],1.0.2652
Trojan.Agent.Generic, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|QwzVnJGAa9.exe, Delete-on-Reboot, [458], [369948],1.0.2652
Trojan.Agent.Generic, HKU\S-1-5-21-890557738-1276667348-2891567123-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|1g9FR1xMslvmB.exe, Delete-on-Reboot, [458], [369948],1.0.2652
Registry Data: 12
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{267f612f-6a2d-4b38-9850-304ae69b223a}|NameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{267f612f-6a2d-4b38-9850-304ae69b223a}|DhcpNameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{533390e2-d7f8-4773-a4e5-08b527bd7316}|NameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{533390e2-d7f8-4773-a4e5-08b527bd7316}|DhcpNameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}|NameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}|DhcpNameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{738df7f4-7250-492d-8dae-95577e759750}|NameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{738df7f4-7250-492d-8dae-95577e759750}|DhcpNameServer, Replace-on-Reboot, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c08d1242-d65b-4299-8b50-531ba486a0fa}|NameServer, Replace-on-Reboot, [22], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NAMESERVER, Replace-on-Reboot, [5611], [293494],1.0.2652
Data Stream: 0
(No malicious items detected)
Folder: 16
Adware.Agent.Generic, C:\PROGRAMDATA\{463679EF-F19D-CE44-CE4D-4D23EE71AEB0}, Delete-on-Reboot, [1411], [331038],1.0.2652
Adware.Agent.Generic, C:\PROGRAMDATA\{B9F9642F-0E52-D384-2BEC-FB199A208E24}, Delete-on-Reboot, [1411], [331038],1.0.2652
Adware.Egguard.WnskRST, C:\PROGRAMDATA\WINDOWS\SYSTEM32, Delete-on-Reboot, [158], [422399],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\browser, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\network, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\chrome, Delete-on-Reboot, [1869], [353141],1.0.2652
Rogue.Agent.D.Generic, C:\PROGRAMDATA\36792463, Delete-on-Reboot, [2650], [371980],1.0.2652
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application\updates, Delete-on-Reboot, [8523], [399763],1.0.2652
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application, Delete-on-Reboot, [8523], [399763],1.0.2652
Adware.OnlineIO, C:\PROGRAMDATA\MICROLEAVES, Delete-on-Reboot, [8523], [399763],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{063839c8-712c-0}, Delete-on-Reboot, [8286], [407180],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{0c4a4571-612c-1}, Delete-on-Reboot, [8286], [407180],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\36416d1f-2c13-0, Delete-on-Reboot, [8286], [407181],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\36416d1f-32b3-1, Delete-on-Reboot, [8286], [407181],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\a53aa1a0-0da3-1, Delete-on-Reboot, [8286], [407181],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\a53aa1a0-3a87-0, Delete-on-Reboot, [8286], [407181],1.0.2652
File: 64
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\36416d1f-2c13-0\BIT7542.tmp, Delete-on-Reboot, [14629], [257931],1.0.2652
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\36416d1f-32b3-1\BIT7532.tmp, Delete-on-Reboot, [14629], [257931],1.0.2652
PUP.Optional.Palikan, C:\USERS\GL553VD\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\PALIKAN.ICO, Delete-on-Reboot, [1673], [255721],1.0.2652
Adware.Agent.Generic, C:\PROGRAMDATA\{463679EF-F19D-CE44-CE4D-4D23EE71AEB0}\F97F655F-4ED4-D2F4-5C4F-1AFF68C9AD8B.exe, Delete-on-Reboot, [1411], [331038],1.0.2652
Adware.Agent.Generic, C:\PROGRAMDATA\{B9F9642F-0E52-D384-2BEC-FB199A208E24}\EF3C8478-5897-33D3-F18A-9C097362FF41.exe, Delete-on-Reboot, [1411], [331038],1.0.2652
PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\{780E7947-790E-0579-7911-0C7A0D0B117D}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\{E2D2EE9E-0F17-AE1A-1E6D-4136C4F92719}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\{66864559-D12D-F2F2-00ED-0835A31A33EA}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\{9301C58F-24AA-7224-0851-094DAE076703}, Delete-on-Reboot, [5334], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\1d31221886f85c0fbbb38d4251403c4d, Delete-on-Reboot, [5334], [-1],0.0.0
Adware.Egguard.WnskRST, C:\PROGRAMDATA\WINDOWS\SYSTEM32\Mswapi64.dll, Delete-on-Reboot, [158], [422399],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\chrome\libvlc.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\chrome\vlc.exe, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\chrome\work.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\ca.crt, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\ca.key, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\cert8.db, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\certutil.exe, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\freebl3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\key3.db, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\libnspr4.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\libplc4.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\libplds4.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\libvlc.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\nss3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\nssckbi.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\nssdbm3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\nssutil3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\secmod.db, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\smime3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\softokn3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\sqlite3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\ssl3.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\vlc.exe, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\func\work.dll, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\network\default_cse.js, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\network\general.js, Delete-on-Reboot, [1869], [353141],1.0.2652
Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe, Delete-on-Reboot, [1869], [353141],1.0.2652
Rogue.Agent.D.Generic, C:\ProgramData\36792463\356a0680.dll, Delete-on-Reboot, [2650], [371980],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{063839c8-712c-0}\BIT4826.tmp, Delete-on-Reboot, [8286], [407180],1.0.2652
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{0c4a4571-612c-1}\BIT4815.tmp, Delete-on-Reboot, [8286], [407180],1.0.2652
PUP.Optional.Amonetize, C:\USERS\GL553VD\APPDATA\LOCAL\TEMP\AMIPIXEL.CFG, Delete-on-Reboot, [6], [302488],1.0.2652
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\47480734.JS, Delete-on-Reboot, [1136], [330648],1.0.2652
PUP.Optional.Palikan, C:\USERS\GL553VD\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\SECURE PREFERENCES, Replaced, [1673], [303034],1.0.2652
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\47480734.CFG, Delete-on-Reboot, [1136], [330649],1.0.2652
RiskWare.BitCoinMiner, C:\WINDOWS\TEMP\GEA21.TMP.EXE, Delete-on-Reboot, [94], [423158],1.0.2652
Trojan.Agent.Generic, C:\PROGRAM FILES\MICROSOFT OFFICE\M0R9OHCQHMU6RD\QWZVNJGAA9.EXE, Delete-on-Reboot, [458], [369948],1.0.2652
Trojan.Agent.Generic, C:\USERS\GL553VD\APPDATA\LOCAL\ED1298A45F9749E198D43D272E433EC4\1G9FR1XMSLVMB.EXE, Delete-on-Reboot, [458], [369948],1.0.2652
Adware.Amonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\2CAFFE3FE2F4417E.VIR, Delete-on-Reboot, [671], [378669],1.0.2652
Adware.Tuto4PC, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\39C7DA96F4D91F9B.VIR, Delete-on-Reboot, [719], [391326],1.0.2652
Adware.ChinAd, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\729C4838408EA2DA.VIR, Delete-on-Reboot, [534], [402645],1.0.2652
Trojan.SafeGuard.WnskRST, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\9EC3469AF22069C6.VIR, Delete-on-Reboot, [1771], [422842],1.0.2652
Adware.ChinAd, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BCC3268602279898.VIR, Delete-on-Reboot, [534], [402645],1.0.2652
Trojan.Agent.Generic, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\E5DDEE7D8096647A.VIR, Delete-on-Reboot, [458], [369948],1.0.2652
Trojan.Wdfload.TskLnk, C:\PROGRAM FILES\CODE EASY TOOLBAR\CODE EASY TOOLBAR.DLL, Delete-on-Reboot, [4247], [424430],1.0.2652
Trojan.Wdfload.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Code Easy Toolbar, Delete-on-Reboot, [4247], [-1],0.0.0
Adware.IStartSurf, C:\USERS\GL553VD\APPDATA\LOCAL\TEMP\193972791EDD4D7A9EA9CF75B850884D\SETUP.EXE, Delete-on-Reboot, [801], [428249],1.0.2652
Adware.Wajam, C:\USERS\GL553VD\APPDATA\LOCAL\TEMP\~NSU.TMP\AU_.EXE, Delete-on-Reboot, [1170], [428254],1.0.2652
PUP.Optional.FastDataX, C:\USERS\GL553VD\APPDATA\LOCAL\TEMP\3211E3098C2E47048B77F38A08C0C531\DATA.EXE, Delete-on-Reboot, [8333], [407240],1.0.2652
Adware.Wajam, C:\USERS\GL553VD\APPDATA\LOCAL\TEMP\S2S.EXE, Delete-on-Reboot, [1170], [428253],1.0.2652
PUP.Optional.OpenCandy, C:\USERS\GL553VD\DOWNLOADS\CHEATENGINE66.EXE, Delete-on-Reboot, [514], [101648],1.0.2652
Adware.HPDefender, C:\USERS\GL553VD\APPDATA\LOCAL\TEMP\INSTALLER_CAMPAIGN_1877.EXE, Delete-on-Reboot, [23], [425825],1.0.2652
PUP.Optional.BitCoinMiner, C:\USERS\GL553VD\APPDATA\LOCAL\TEMP\D8A2C317D5404983A989C792F013C425\OZVI7ZGJTG.EXE, Delete-on-Reboot, [177], [363441],1.0.2652
Physical Sector: 0
(No malicious items detected)

(end)
 
Adwcleaner[C0].txt
# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 28 19:47:03 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
Deleted: WMPNetworkAcSvc

***** [ Folders ] *****
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc
Deleted: C:\Users\Public\Documents\XMUpdate
Deleted: C:\ProgramData\{463679EF-F19D-CE44-CE4D-4D23EE71AEB0}
Deleted: C:\ProgramData\{B9F9642F-0E52-D384-2BEC-FB199A208E24}

***** [ Files ] *****
Deleted: C:\Windows\SysNative\drivers\lanmamaster.sys
Deleted: C:\Windows\SysNative\lanmamasterHelp.dll

***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Cleaned: C:\Users\GL553VD\Desktop\Google Chrome.lnk[https:\\launchpage.org\?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD%2FyyA7jflmK0yg8qceD7pVm2I%2BVJtvjfVwAic%3D]
Cleaned: C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk[https:\\launchpage.org\?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD%2FyyA7jflmK0yg8qceD7pVm2I%2BVJtvjfVwAic%3D]
Cleaned: C:\Users\GL553VD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[https:\\launchpage.org\?uid=oTlKGGjMhxpsXWEzIqURG1eos8mHTnD%2FyyA7jflmK0yg8qceD7pVm2I%2BVJtvjfVwAic%3D]

***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\connectify-lite.en.softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\line-windows-10.en.softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\plarium.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\plusnetwork.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.plusnetwork.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\connectify-lite.en.softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\line-windows-10.en.softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\plarium.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\plusnetwork.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.plusnetwork.com
Deleted: [Key] - HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\CoinisRevShare
Deleted: [Key] - HKCU\Software\CoinisRevShare
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKLM\SOFTWARE\SkypeUpdateEx
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\msaver
Deleted: [Key] - HKCU\Software\msaver
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKLM\SOFTWARE\jogotempo
Deleted: [Key] - HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Amigo
Deleted: [Key] - HKCU\Software\Amigo
Deleted: [Key] - HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [9595 B] - [2017/8/28 19:42:5]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by GL553VD (Administrator) on Tue 08/29/2017 at 2:54:11.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 1
Successfully deleted: C:\ProgramData\f84cbd88e2ed4b019af890a81efaba4c (Folder)

Registry: 0


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/29/2017 at 2:56:37.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Good :)

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
FRST.txt
Loaded Profiles: GL553VD (Available Profiles: defaultuser0 & GL553VD)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
() C:\Windows\opcddemg.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\AWiCMgr.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
((C) LINE Corporation) C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\LINE_APP.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(BitTorrent Inc.) C:\Users\GL553VD\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(BitTorrent Inc.) C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\GL553VD\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Valve Corporation) D:\Games\Program Games\Steam\Steam.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\VoipHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) D:\Games\Program Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Users\GL553VD\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [AWiC] => C:\Program Files (x86)\Qualcomm Atheros\AWiCMgr.exe [179840 2014-05-14] (Atheros)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4146744 2016-11-18] (Connectify)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1879152 2017-08-01] (Smadsoft)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [uTorrent] => C:\Users\GL553VD\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Google Update] => C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-19] (Google Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Steam] => D:\Games\Program Games\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{267f612f-6a2d-4b38-9850-304ae69b223a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{267f612f-6a2d-4b38-9850-304ae69b223a}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{4930d2d6-73f8-11e7-b37b-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{533390e2-d7f8-4773-a4e5-08b527bd7316}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{533390e2-d7f8-4773-a4e5-08b527bd7316}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{738df7f4-7250-492d-8dae-95577e759750}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{738df7f4-7250-492d-8dae-95577e759750}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{c08d1242-d65b-4299-8b50-531ba486a0fa}: [NameServer] 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774019071&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774028961&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: lu7sbzli.default
FF ProfilePath: C:\Users\GL553VD\AppData\Roaming\Mozilla\Firefox\Profiles\lu7sbzli.default [2017-08-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-08-24]
Chrome:
=======
CHR Profile: C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default [2017-08-29]
CHR Extension: (Google Slides) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-27]
CHR Extension: (Google Docs) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-27]
CHR Extension: (Google Drive) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-27]
CHR Extension: (YouTube) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-27]
CHR Extension: (Google Sheets) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\GL553VD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-27]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-17] (ASUSTek Computer Inc.)
S2 ASUS Rog Aura Core; C:\Program Files (x86)\ASUS\ROG Aura Core\AuraCoreSrv.exe [552600 2016-10-15] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-08-26] (Windows (R) Win 7 DDK provider)
S3 AWiCSrvc; C:\Program Files (x86)\Qualcomm Atheros\AWiCSrvc.exe [50816 2014-05-14] (Atheros Communications) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-08-15] ()
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-11-18] (Connectify)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 opcddemg; C:\WINDOWS\opcddemg.exe [57344 2004-11-09] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-05-09] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [42680 2016-10-22] (ASUSTeK COMPUTER INC.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-08] (SolidWorks) [File not signed]
S2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-01-31] (Code Sector)
R2 TMhardwareHelp; C:\Windows\SysWow64\TMhardwareHelp.dll [461096 2017-08-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-08-26] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [99320 2016-10-12] (ASUS Corporation)
R1 cfywlan2; C:\WINDOWS\system32\DRIVERS\cfywlan2.sys [46088 2017-05-07] (Connectify)
R1 cnnctfy4; C:\WINDOWS\system32\DRIVERS\cnnctfy4.sys [53216 2017-05-07] (Connectify)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-28] (Disc Soft Ltd)
S3 GENERICDRV; C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\3\amifldrv64.sys [17896 2017-01-05] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [249104 2016-10-07] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_15c6c286fd4435fd\nvlddmkm.sys [15668664 2017-07-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-10-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11376 2017-07-29] () [File not signed]
R2 TMhardware; C:\WINDOWS\system32\drivers\TMhardware.sys [215072 2017-07-11] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
S1 wnsbefhk; C:\WINDOWS\system32\drivers\wnsbefhk.sys [55168 2017-08-29] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-29 06:22 - 2017-08-29 06:22 - 000055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wnsbefhk.sys
2017-08-29 02:56 - 2017-08-29 02:56 - 000000638 _____ C:\Users\GL553VD\Desktop\JRT.txt
2017-08-29 02:52 - 2017-08-29 02:52 - 001790024 _____ (Malwarebytes) C:\Users\GL553VD\Downloads\JRT.exe
2017-08-29 02:49 - 2017-08-29 12:02 - 000000000 ____D C:\Users\GL553VD\AppData\LocalLow\uTorrent
2017-08-29 02:47 - 2017-08-29 02:47 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-08-29 02:37 - 2017-08-29 02:37 - 000042003 _____ C:\Users\GL553VD\Desktop\report.txt
2017-08-29 02:31 - 2017-08-29 02:48 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-29 02:31 - 2017-08-29 02:31 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-29 02:31 - 2017-08-29 02:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-29 02:31 - 2017-08-29 02:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-29 02:31 - 2017-08-29 02:31 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-29 02:31 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-29 02:30 - 2017-08-29 02:50 - 000000000 ____D C:\AdwCleaner
2017-08-29 02:25 - 2017-08-29 02:25 - 008185288 _____ (Malwarebytes) C:\Users\GL553VD\Downloads\AdwCleaner.exe
2017-08-28 19:05 - 2017-08-28 18:25 - 066347240 _____ (Malwarebytes ) C:\Users\GL553VD\Desktop\mb3-setup-consumer-3.2.2.2018.exe
2017-08-28 12:39 - 2017-08-29 02:36 - 000000000 ____D C:\Users\GL553VD\AppData\Local\ed1298a45f9749e198d43d272e433ec4
2017-08-28 12:27 - 2017-08-28 12:27 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-28 12:26 - 2017-08-28 12:59 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-28 12:26 - 2017-08-28 12:26 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-28 12:26 - 2017-08-28 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-28 12:26 - 2017-08-28 12:26 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-28 12:15 - 2017-08-28 12:16 - 035772800 _____ (Adlice Software ) C:\Users\GL553VD\Downloads\RogueKiller_setup_ref3.exe
2017-08-28 08:23 - 2017-08-28 08:23 - 000162509 _____ C:\Users\GL553VD\Downloads\BAb- 02 Deret Taylor dan Analisis Galat.pdf
2017-08-27 11:07 - 2017-08-27 11:07 - 000000000 ____D C:\Users\GL553VD\Downloads\FRST
2017-08-27 10:45 - 2017-08-29 12:06 - 000000000 ____D C:\FRST
2017-08-25 11:21 - 2017-08-25 11:21 - 000000000 ____D C:\WINDOWS\system32\tmp
2017-08-24 06:08 - 2017-08-24 06:08 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\FLUIDSIM3
2017-08-24 05:29 - 2017-08-25 11:06 - 000000000 ____D C:\ProgramData\DataCache
2017-08-24 05:19 - 2017-08-29 02:47 - 000000000 ____D C:\ProgramData\Windows
2017-08-24 05:19 - 2017-08-24 05:26 - 000000000 ____D C:\ProgramData\Cache
2017-08-24 05:19 - 2017-08-24 05:19 - 000461096 _____ C:\WINDOWS\SysWOW64\TMhardwareHelp.dll
2017-08-24 05:19 - 2017-08-24 05:19 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-08-24 05:14 - 2017-08-24 05:14 - 000000000 ____D C:\Users\GL553VD\Documents\FluidSIM Pneumatics
2017-08-24 05:14 - 2017-08-24 05:14 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\FL_SIM_P4_GB
2017-08-24 05:11 - 2017-08-24 05:11 - 000000000 ____D C:\Program Files (x86)\Didactic
2017-08-24 05:10 - 2017-08-24 05:10 - 000000000 ____D C:\Program Files\WIBU-SYSTEMS
2017-08-24 05:10 - 2017-08-24 05:10 - 000000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2017-08-23 21:15 - 2017-08-23 21:54 - 487858176 _____ C:\Users\GL553VD\Downloads\fluidsim_pneu_45d_001.iso
2017-08-23 18:32 - 2017-08-23 18:32 - 001677824 _____ C:\WINDOWS\0d5921fab3be2e283707cdde8cda83b6.exe
2017-08-23 18:32 - 2017-08-23 18:32 - 000039806 _____ C:\WINDOWS\uninstaller.dat
2017-08-18 11:10 - 2017-08-18 11:10 - 004204032 _____ (crosire) C:\Users\GL553VD\Downloads\ReShade_Setup_3.0.8.exe
2017-08-15 14:51 - 2017-08-15 14:51 - 000000000 ____D C:\Users\GL553VD\AppData\Local\UnrealEngine
2017-08-15 14:51 - 2017-08-15 14:51 - 000000000 ____D C:\Users\GL553VD\AppData\Local\TslGame
2017-08-13 16:03 - 2017-08-13 16:03 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-13 16:03 - 2017-07-19 05:38 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-13 16:03 - 2017-03-11 04:17 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-13 16:03 - 2017-03-11 04:17 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-13 16:03 - 2017-03-11 04:17 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-13 16:03 - 2017-03-11 04:17 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-13 16:00 - 2017-07-19 07:40 - 040239736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 035844728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 028960376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 013655672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 012451424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 012133112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 011591576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 010487760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 004163520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 003595896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001276992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000995408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000689992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-13 16:00 - 2017-07-19 07:40 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-13 16:00 - 2017-07-19 07:40 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-13 09:11 - 2017-07-31 22:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-13 09:11 - 2017-07-31 22:15 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 00:55 - 2017-08-01 09:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 00:55 - 2017-08-01 09:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 00:55 - 2017-08-01 09:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 00:55 - 2017-08-01 09:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 00:55 - 2017-08-01 09:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 00:55 - 2017-08-01 09:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 00:55 - 2017-08-01 09:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 00:55 - 2017-08-01 09:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 00:55 - 2017-08-01 09:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 00:55 - 2017-08-01 09:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 00:55 - 2017-08-01 09:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 00:55 - 2017-08-01 08:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 00:55 - 2017-07-28 12:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 00:55 - 2017-07-28 11:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 00:55 - 2017-07-28 11:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 00:55 - 2017-07-28 11:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 00:55 - 2017-07-28 11:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 00:55 - 2017-07-28 11:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 00:55 - 2017-07-28 11:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 00:55 - 2017-07-28 11:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 00:55 - 2017-07-28 11:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 00:55 - 2017-07-28 11:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 00:55 - 2017-07-28 11:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 00:55 - 2017-07-28 11:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 00:55 - 2017-07-28 11:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 00:55 - 2017-07-28 11:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 00:55 - 2017-07-28 11:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 00:55 - 2017-07-28 11:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 00:55 - 2017-07-28 11:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 00:55 - 2017-07-28 11:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 00:55 - 2017-07-28 11:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 00:55 - 2017-07-28 11:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 00:55 - 2017-07-28 11:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 00:55 - 2017-07-28 11:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 00:54 - 2017-08-01 09:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 00:54 - 2017-08-01 09:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 00:54 - 2017-08-01 09:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 00:54 - 2017-08-01 09:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 00:54 - 2017-08-01 09:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 00:54 - 2017-08-01 09:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 00:54 - 2017-08-01 09:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 00:54 - 2017-08-01 09:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 00:54 - 2017-08-01 09:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 00:54 - 2017-08-01 09:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 00:54 - 2017-08-01 09:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 00:54 - 2017-08-01 09:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 00:54 - 2017-08-01 09:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 00:54 - 2017-08-01 09:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 00:54 - 2017-08-01 09:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 00:54 - 2017-08-01 09:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 00:54 - 2017-08-01 09:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 00:54 - 2017-08-01 09:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 00:54 - 2017-08-01 09:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 00:54 - 2017-08-01 09:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 00:54 - 2017-08-01 09:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 00:54 - 2017-08-01 09:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 00:54 - 2017-08-01 09:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 00:54 - 2017-08-01 09:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 00:54 - 2017-08-01 09:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 00:54 - 2017-08-01 09:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 00:54 - 2017-08-01 09:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 00:54 - 2017-08-01 09:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 00:54 - 2017-08-01 09:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 00:54 - 2017-08-01 09:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 00:54 - 2017-08-01 09:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 00:54 - 2017-08-01 09:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 00:54 - 2017-08-01 09:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 00:54 - 2017-08-01 09:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 00:54 - 2017-08-01 09:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 00:54 - 2017-08-01 09:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 00:54 - 2017-08-01 08:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 00:54 - 2017-08-01 08:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 00:54 - 2017-08-01 08:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 00:54 - 2017-08-01 08:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 00:54 - 2017-08-01 08:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 00:54 - 2017-08-01 08:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 00:54 - 2017-08-01 08:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 00:54 - 2017-08-01 08:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 00:54 - 2017-08-01 08:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 00:54 - 2017-08-01 08:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 00:54 - 2017-08-01 08:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 00:54 - 2017-08-01 08:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 00:54 - 2017-08-01 08:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 00:54 - 2017-08-01 08:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 00:54 - 2017-08-01 08:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 00:54 - 2017-08-01 08:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 00:54 - 2017-08-01 08:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 00:54 - 2017-08-01 08:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 00:54 - 2017-08-01 08:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 00:54 - 2017-08-01 05:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 00:54 - 2017-07-28 12:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 00:54 - 2017-07-28 12:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 00:54 - 2017-07-28 12:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 00:54 - 2017-07-28 12:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 00:54 - 2017-07-28 12:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 00:54 - 2017-07-28 12:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 00:54 - 2017-07-28 12:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 00:54 - 2017-07-28 12:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 00:54 - 2017-07-28 12:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 00:54 - 2017-07-28 12:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 00:54 - 2017-07-28 12:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 00:54 - 2017-07-28 12:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 00:54 - 2017-07-28 12:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 00:54 - 2017-07-28 12:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 00:54 - 2017-07-28 12:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 00:54 - 2017-07-28 12:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 00:54 - 2017-07-28 12:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 00:54 - 2017-07-28 12:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 00:54 - 2017-07-28 12:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 00:54 - 2017-07-28 12:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 00:54 - 2017-07-28 12:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 00:54 - 2017-07-28 11:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 00:54 - 2017-07-28 11:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 00:54 - 2017-07-28 11:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 00:54 - 2017-07-28 11:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 00:54 - 2017-07-28 11:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 00:54 - 2017-07-28 11:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 00:54 - 2017-07-28 11:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 00:54 - 2017-07-28 11:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 00:54 - 2017-07-28 11:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 00:54 - 2017-07-28 11:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 00:54 - 2017-07-28 11:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 00:54 - 2017-07-28 11:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 00:54 - 2017-07-28 11:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 00:54 - 2017-07-28 11:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 00:54 - 2017-07-28 11:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 00:54 - 2017-07-28 11:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 00:54 - 2017-07-28 11:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 00:54 - 2017-07-28 11:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 00:54 - 2017-07-28 11:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 00:54 - 2017-07-28 11:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 00:54 - 2017-07-28 11:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 00:54 - 2017-07-28 11:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 00:54 - 2017-07-28 11:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 00:54 - 2017-07-28 11:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 00:54 - 2017-07-28 11:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 00:54 - 2017-07-28 11:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 00:54 - 2017-07-28 11:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 00:54 - 2017-07-28 11:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 00:54 - 2017-07-28 11:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 00:54 - 2017-07-28 11:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-09 00:54 - 2017-07-28 11:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 00:54 - 2017-07-28 11:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 00:54 - 2017-07-28 11:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 00:54 - 2017-07-28 11:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 00:54 - 2017-07-28 11:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 00:54 - 2017-07-28 11:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 00:54 - 2017-07-28 11:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 00:54 - 2017-07-28 11:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 00:54 - 2017-07-28 11:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 00:54 - 2017-07-28 11:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 00:54 - 2017-07-28 11:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 00:54 - 2017-07-28 11:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 00:54 - 2017-07-28 11:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 00:54 - 2017-07-28 11:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 00:54 - 2017-07-28 11:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 00:54 - 2017-07-28 11:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 00:54 - 2017-07-28 11:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 00:54 - 2017-07-28 11:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 00:54 - 2017-07-28 11:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 00:54 - 2017-07-28 11:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 00:54 - 2017-07-28 11:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 00:54 - 2017-07-28 11:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 00:54 - 2017-07-28 11:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 00:54 - 2017-07-28 11:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 00:54 - 2017-07-28 11:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 00:54 - 2017-07-28 11:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 00:54 - 2017-07-28 11:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 00:54 - 2017-07-28 11:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 00:54 - 2017-07-28 11:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 00:54 - 2017-07-28 11:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 00:54 - 2017-07-28 11:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 00:54 - 2017-07-28 11:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 00:54 - 2017-07-28 11:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 00:54 - 2017-07-28 11:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 00:54 - 2017-07-28 11:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 00:54 - 2017-07-28 11:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 00:54 - 2017-07-28 11:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 00:54 - 2017-07-28 11:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 00:54 - 2017-07-28 11:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 00:54 - 2017-07-28 11:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 00:53 - 2017-08-01 09:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 00:53 - 2017-08-01 09:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 00:53 - 2017-08-01 09:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 00:53 - 2017-08-01 09:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 00:53 - 2017-08-01 08:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 00:53 - 2017-08-01 08:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 00:53 - 2017-08-01 08:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 00:53 - 2017-08-01 08:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 00:53 - 2017-08-01 08:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 00:53 - 2017-08-01 08:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 00:53 - 2017-08-01 08:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 00:53 - 2017-08-01 08:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-09 00:53 - 2017-08-01 08:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 00:53 - 2017-08-01 08:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 00:53 - 2017-08-01 08:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 00:53 - 2017-08-01 08:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 00:53 - 2017-08-01 08:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 00:53 - 2017-08-01 08:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 00:53 - 2017-08-01 08:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 00:53 - 2017-08-01 08:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 00:53 - 2017-08-01 08:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 00:53 - 2017-08-01 08:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 00:53 - 2017-08-01 08:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 00:53 - 2017-08-01 08:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 00:53 - 2017-08-01 08:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 00:53 - 2017-08-01 08:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 00:53 - 2017-08-01 08:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 00:53 - 2017-08-01 08:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 00:53 - 2017-08-01 08:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 00:53 - 2017-07-28 12:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 00:53 - 2017-07-28 12:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 00:53 - 2017-07-28 12:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 00:53 - 2017-07-28 12:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 00:53 - 2017-07-28 12:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 00:53 - 2017-07-28 12:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 00:53 - 2017-07-28 12:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 00:53 - 2017-07-28 12:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 00:53 - 2017-07-28 12:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 00:53 - 2017-07-28 12:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 00:53 - 2017-07-28 12:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 00:53 - 2017-07-28 11:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 00:53 - 2017-07-28 11:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 00:53 - 2017-07-28 11:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 00:53 - 2017-07-28 11:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 00:53 - 2017-07-28 11:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 00:53 - 2017-07-28 11:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 00:53 - 2017-07-28 11:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-09 00:53 - 2017-07-28 11:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-09 00:53 - 2017-07-28 11:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 00:53 - 2017-07-28 11:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 00:53 - 2017-07-28 11:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 00:53 - 2017-07-28 11:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 00:53 - 2017-07-28 11:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 00:53 - 2017-07-28 11:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 00:53 - 2017-07-28 11:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 00:53 - 2017-07-28 11:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 00:53 - 2017-07-28 11:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 00:53 - 2017-07-28 11:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 00:53 - 2017-07-28 11:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 00:53 - 2017-07-28 11:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 00:53 - 2017-07-28 11:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 00:53 - 2017-07-28 11:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 00:53 - 2017-07-28 11:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 00:53 - 2017-07-28 11:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 00:53 - 2017-07-28 11:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 00:53 - 2017-07-28 11:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 00:53 - 2017-07-28 11:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 00:53 - 2017-07-28 11:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 00:53 - 2017-07-28 11:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 00:53 - 2017-07-28 11:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 00:53 - 2017-07-28 11:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 00:53 - 2017-07-28 11:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 00:53 - 2017-07-28 11:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 00:53 - 2017-07-28 11:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 00:53 - 2017-07-28 11:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 00:53 - 2017-07-28 11:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 00:53 - 2017-07-28 11:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 00:31 - 2017-08-09 00:31 - 000000000 ____D C:\Users\GL553VD\Downloads\FIFA.17-STEAMPUNKS
2017-07-30 21:55 - 2017-07-30 21:55 - 000000000 ____D C:\ProgramData\Rockstar Games
2017-07-30 21:53 - 2017-07-30 23:35 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-07-30 18:59 - 2017-07-30 21:07 - 000000000 ____D C:\Users\GL553VD\Downloads\Dog Pound (2010) [1080p] [YTS.AG]
2017-07-30 17:09 - 2017-07-30 17:09 - 000000000 ____D C:\Users\GL553VD\AppData\LocalLow\Jujubee S_A_
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-29 12:04 - 2017-07-29 08:00 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59C305A5-C62D-4BE3-8E77-0E253A7B408E}
2017-08-29 12:02 - 2017-05-06 17:30 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\uTorrent
2017-08-29 12:02 - 2017-04-22 20:44 - 000000000 ____D C:\Users\GL553VD\Documents\Assassin's Creed Unity
2017-08-29 12:02 - 2017-04-22 07:00 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-29 12:01 - 2017-04-22 06:57 - 000000000 __SHD C:\Users\GL553VD\IntelGraphicsProfiles
2017-08-29 06:13 - 2017-07-29 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-29 02:55 - 2017-07-29 08:03 - 001121082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-29 02:55 - 2017-04-22 07:08 - 000000000 ____D C:\Users\GL553VD\AppData\Local\CrashDumps
2017-08-29 02:48 - 2017-07-29 08:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-29 02:48 - 2017-07-29 07:53 - 001321592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-29 02:48 - 2017-03-18 18:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-29 02:46 - 2017-04-22 06:57 - 000002499 _____ C:\Users\GL553VD\Desktop\Google Chrome.lnk
2017-08-29 02:46 - 2017-04-22 06:57 - 000002499 _____ C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 02:36 - 2017-04-22 06:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-29 02:36 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\Code Easy Toolbar
2017-08-29 02:30 - 2017-04-21 21:46 - 000000000 ____D C:\Users\GL553VD\AppData\LocalLow\Mozilla
2017-08-28 18:46 - 2017-03-19 04:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-28 18:16 - 2017-03-19 04:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-28 18:16 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-28 12:53 - 2017-04-22 06:57 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-28 12:53 - 2017-04-22 06:57 - 000001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-27 22:56 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\AuditWiz 2005
2017-08-27 21:14 - 2017-07-29 07:55 - 000000000 ____D C:\Users\GL553VD
2017-08-27 21:14 - 2017-04-22 07:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-27 21:14 - 2017-04-22 06:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-27 10:46 - 2017-04-22 06:59 - 000000000 ____D C:\Program Files (x86)\SMADAV
2017-08-25 11:04 - 2017-07-29 07:53 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-25 11:03 - 2017-07-29 08:00 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 11:03 - 2017-07-29 08:00 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-08-25 11:03 - 2017-07-29 08:00 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-08-25 11:03 - 2017-07-29 07:53 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-25 11:03 - 2017-04-22 07:01 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-24 05:19 - 2017-04-22 07:08 - 000000000 ____D C:\ProgramData\Intel
2017-08-24 05:18 - 2017-07-29 20:48 - 000000000 ____D C:\Program Files\3D Analyzer
2017-08-24 05:18 - 2017-04-22 06:57 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-22 05:58 - 2017-03-19 03:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-19 12:07 - 2017-04-22 18:16 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-18 11:37 - 2017-06-26 09:06 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-18 11:37 - 2017-04-22 07:01 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-18 11:37 - 2017-04-22 07:01 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-18 11:36 - 2017-06-26 09:06 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-08-18 11:36 - 2017-06-26 09:06 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-08-18 01:11 - 2017-04-22 05:49 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-17 23:26 - 2017-05-08 09:28 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-15 14:52 - 2017-04-22 07:02 - 000000000 ____D C:\Users\GL553VD\AppData\Local\NVIDIA Corporation
2017-08-15 13:33 - 2017-04-22 11:26 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-13 17:18 - 2017-05-09 14:28 - 000000000 ____D C:\Users\GL553VD\AppData\Local\Ubisoft Game Launcher
2017-08-13 11:02 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-13 09:18 - 2017-04-22 06:49 - 000000000 ____D C:\Users\GL553VD\AppData\Local\Packages
2017-08-13 09:14 - 2017-04-22 06:58 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-13 09:11 - 2017-07-29 08:00 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-13 09:11 - 2017-04-22 06:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-13 09:11 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-13 09:11 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 01:22 - 2017-03-19 04:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 00:57 - 2017-04-22 18:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 00:55 - 2017-04-22 18:13 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-07 19:31 - 2017-05-13 22:19 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\vlc
2017-08-04 19:45 - 2017-07-29 08:00 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-02 06:58 - 2017-03-19 04:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-01 11:00 - 2017-04-22 06:59 - 000000730 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2017-08-01 11:00 - 2017-04-22 06:59 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\Smadav
2017-07-30 23:35 - 2017-04-22 07:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-30 17:05 - 2017-05-25 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2017-07-30 16:47 - 2017-06-06 09:07 - 000000000 ____D C:\Users\GL553VD\AppData\Roaming\DMCache
==================== Files in the root of some directories =======
2017-06-06 09:20 - 2017-06-06 09:20 - 000019894 _____ () C:\Users\GL553VD\AppData\Roaming\Geregatoc
2017-05-08 07:56 - 2017-05-15 05:26 - 000000000 _____ () C:\Users\GL553VD\AppData\Local\Temptable.xml
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-08-28 12:26 - 2017-07-11 07:33 - 001930320 _____ (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\dllnt_dump.dll
2003-08-16 06:58 - 2003-08-16 06:58 - 001859680 ____N (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\EBU1A14.EXE
2003-08-16 06:56 - 2003-08-16 06:56 - 012443648 ____N (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\EBU1B5D.DLL
2017-08-13 16:00 - 2016-12-29 19:28 - 000351680 _____ (NVIDIA Corporation) C:\Users\GL553VD\AppData\Local\Temp\nvStInst.exe
2017-08-24 05:18 - 2017-08-24 05:18 - 000886434 _____ ( ) C:\Users\GL553VD\AppData\Local\Temp\SetupTextToTalk.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-27 11:39
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by GL553VD (29-08-2017 12:06:43)
Running from C:\Users\GL553VD\Downloads\FRST
Windows 10 Home Version 1703 (X64) (2017-07-29 01:02:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-890557738-1276667348-2891567123-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-890557738-1276667348-2891567123-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-890557738-1276667348-2891567123-1000 - Limited - Disabled) => C:\Users\defaultuser0
GL553VD (S-1-5-21-890557738-1276667348-2891567123-1001 - Administrator - Enabled) => C:\Users\GL553VD
Guest (S-1-5-21-890557738-1276667348-2891567123-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Assassin's Creed Unity version 1.0 (HKLM-x32\...\{BFDE508D-7730-4538-BD22-F231500BB914}_is1) (Version: 1.0 - Ubisoft)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.14 - ASUS)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0049 - ASUS)
Attack on Titan Wings of Freedom (HKLM-x32\...\Attack on Titan Wings of Freedom_is1) (Version: - )
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.2.9 - ICEpower a/s)
Battlefield 1 (HKLM-x32\...\Battlefield 1_is1) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Connectify 2016 (HKLM\...\Connectify) (Version: 2016.0.10.37829 - Connectify)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Gaming Assistant (HKLM-x32\...\{C27B0A7C-BD18-46EF-984A-CCD2799F4CD4}) (Version: 1.0.3 - ASUS)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.8.5262 - Gretech Corporation)
Google Chrome (HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Hearts of Iron IV Together for Victory (HKLM-x32\...\Hearts of Iron IV Together for Victory_is1) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
K-Lite Codec Pack 5.4.4 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.4.4 - )
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Napoleon: Total War (HKLM\...\Steam App 34030) (Version: - The Creative Assembly)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version: - Bluehole, Inc.)
Pro Evolution Soccer 2017 (HKLM-x32\...\{A3C10274-808C-4ADC-A13D-D94911180B58}_is1) (Version: - KONAMI)
Proteus 8 Professional (HKLM-x32\...\{B8A525DB-6906-4F0C-92D7-33D55345E4E8}) (Version: 8.0.15417.0 - Labcenter Electronics)
Proteus 8 Professional (HKLM-x32\...\{BA9C523F-BB2D-40AF-80C5-F3F661F436BC}) (Version: 8.4.21079.0 - Labcenter Electronics)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.11 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7926 - Realtek Semiconductor Corp.)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.)
ROG Aura Core (HKLM-x32\...\{24D10379-1ED5-4949-A024-991131A992D9}) (Version: 1.0.1 - ASUS)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.0.2 - ASUS)
RogueKiller version 12.11.11.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.11.0 - Adlice Software)
SMADAV version 11.4.4 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.4.4 - Smadsoft)
SOLIDWORKS 2016 x64 Edition SP01 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.110.45 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP01 (HKLM-x32\...\SolidWorks Installation Manager 20160-40100-1100-100) (Version: 24.1.0.45 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP01 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.10.45 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP01 (HKLM\...\{629ECC69-6A9F-4B03-801C-D396A3576A78}) (Version: 16.1.0029 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2016 SP01 x64 Edition (HKLM\...\{41E08694-1890-4B39-9D1C-B9D27A1D67B3}) (Version: 24.10.45 - Dassault Systemes SolidWorks Corp) Hidden
STCServ (HKLM\...\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}) (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeraCopy 3.0 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
Tom Clancy's The Division (HKLM\...\Steam App 365590) (Version: - Massive Entertainment)
Total War - SHOGUN 2 (HKLM-x32\...\Total War - SHOGUN 2_is1) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultimate General Civil War (HKLM-x32\...\Ultimate General Civil War_is1) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (09/23/2016 11.0.0.14) (HKLM\...\F95583A62AB902A3FC263F668380483F9E0113CD) (Version: 09/23/2016 11.0.0.14 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-890557738-1276667348-2891567123-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-890557738-1276667348-2891567123-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-10] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-01-10] ()
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc64.dll [2017-06-08] (Smadsoft)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-10] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-01-10] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc64.dll [2017-06-08] (Smadsoft)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-08] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-01-10] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-01-10] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {17A04C7D-B757-4B68-8BDB-E2702C7E1F71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {1B1A4A08-F124-49EA-8B21-B7962F57E2D1} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)
Task: {2745532A-4EF1-4497-B81A-89A4ACB700B5} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [2016-10-22] (ASUSTek Computer Inc.)
Task: {2A979EE4-DA02-4053-B079-386C576E8961} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-02] (Realtek Semiconductor)
Task: {32EA04DE-0E37-4004-99AE-E6A7662F5E9E} - System32\Tasks\{20315727-BC5A-434B-A40D-60894920FE96} => C:\Windows\system32\pcalua.exe -a "D:\Games\Total War - SHOGUN 2\Shogun2.exe" -d "D:\Games\Total War - SHOGUN 2"
Task: {4125D79A-3BC8-4E8F-B317-94777B462D07} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-23] (ASUSTek Computer Inc.)
Task: {52CE9334-B0CD-47A3-821B-5553764EDF7E} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-02] ()
Task: {6B5C0CA6-E273-459E-98CD-4C46CBDA0C40} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-15] (ASUSTek Computer Inc.)
Task: {6E75F6AE-47CA-4CD8-A92C-3BCB12B29C9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-13] (Adobe Systems Incorporated)
Task: {7EAF4F59-96B2-4F43-9CA9-2032C185242F} - System32\Tasks\{6A35350E-164D-43E1-9087-2F4DBED450DC} => C:\Windows\system32\pcalua.exe -a C:\Users\GL553VD\AppData\Local\{BD488B14-99E0-E7AC-F478-C244D0103EDC}\uninst.exe -c -P=/Uninstall /s /noun /DelSelfDir
Task: {883C9DA2-D017-49BC-9AA7-44CBA4A576BA} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2017-08-01] (Smadsoft)
Task: {9B4F4EC5-B02C-44AC-B422-4F566B50C21B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-02] ()
Task: {A1CB4265-C58B-4A0C-B5E7-557B75CE153C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2016-09-02] (Realtek Semiconductor)
Task: {AA709456-2C1D-4DDC-A42C-95F47BD9CCCD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {AE08B0F8-1583-4196-A3D9-0BCCB4BEBEC9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-27] (Intel(R) Corporation)
Task: {BB01E093-29E7-40B5-B8B3-DD94B4F99026} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-02] ()
Task: {C35BF170-9FF8-4F5E-8564-9EF74C638EF4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-890557738-1276667348-2891567123-1001UA => C:\Users\GL553VD\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-19] (Google Inc.)
Task: {C8C718AF-6D4C-4B85-9F03-F56B8E73492F} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {C8FEA893-4D04-4100-8A6B-4BE9B87E10B7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {C9521F4E-7608-4E12-A620-E475876FA37E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-890557738-1276667348-2891567123-1001Core => C:\Users\GL553VD\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-19] (Google Inc.)
Task: {D27BCCF7-01F5-40B6-AF9D-624DF3CD155D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {D81639B7-1AD5-455F-A79A-EEDB77AA004B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {D966ECC6-90CD-4340-AE19-B25E3E88ABFA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {E73750BE-0ACD-4EC2-A563-EA17005B96A5} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-23] (ASUSTek Computer Inc.)
Task: {EF853378-E41B-41CF-8215-1536C6BC9482} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {FAA7A89E-56C9-485B-80F7-10E1EF946639} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {FCBD816B-CA62-4C16-93C4-C7D233831058} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {FFEA1506-ACB1-435F-B267-FEA6CA15F84E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-08-25] (ASUSTek Computer Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\GL553VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Activision Value\The History Channel - Civil War\Activision Value Homepage.lnk -> hxxp://www.activisionvalue.com
==================== Loaded Modules (Whitelisted) ==============
2004-11-09 16:35 - 2004-11-09 16:35 - 000057344 _____ () C:\WINDOWS\opcddemg.exe
2017-05-09 14:25 - 2017-05-09 14:25 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-05-08 09:28 - 2017-08-18 11:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-29 07:54 - 2017-07-19 06:24 - 000133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-19 03:58 - 2017-03-19 03:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2010-01-30 16:40 - 2010-01-30 16:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-25 11:38 - 2010-03-25 11:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-03-19 03:59 - 2017-03-20 10:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-23 13:17 - 2017-07-23 13:18 - 001079808 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\Sqlite.dll
2017-05-04 06:47 - 2017-05-04 06:47 - 006078976 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\BackEndWin10Univ.dll
2015-12-02 01:56 - 2015-12-02 01:56 - 000268280 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2017-07-23 13:17 - 2017-07-23 13:18 - 000034304 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\VoipHost.exe
2017-05-07 13:19 - 2016-11-18 20:52 - 000898616 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2016-10-06 11:17 - 2016-10-06 11:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-05-08 09:28 - 2017-08-18 11:36 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-05-08 09:28 - 2017-08-18 11:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wnsbefhk.sys:changelist [1130]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 18:47 - 2017-08-24 06:01 - 000014306 _____ C:\WINDOWS\system32\Drivers\etc\hosts
There are 357 more lines.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{13C5FF8D-B9AA-4B1E-9697-92428D8F6DE4}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{C21008B5-76AE-492E-A9A3-08F566B907B4}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [{BDFED0FE-F954-470B-91AF-2DAEE6A4DD19}] => (Allow) D:\Games\Program Games\Steam\Steam.exe
FirewallRules: [{326E1F60-0ED4-4A19-835C-8EF9D54D78E1}] => (Allow) D:\Games\Program Games\Steam\Steam.exe
FirewallRules: [{4FB5657D-3F9D-4E48-85B0-62173793EDAC}] => (Allow) D:\Games\Program Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B77117D1-F4E4-495A-A43B-0078A9A6CF6F}] => (Allow) D:\Games\Program Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{452DA382-28FC-45E8-9419-606577727BB6}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{8095A73C-AF65-4295-9412-5A5173D49E8A}D:\games\program games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\program games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{2FD9688D-76AF-48B5-96C2-FA35FEEE2202}D:\games\program games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\program games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{0C17BE4F-2EE1-4A64-ABDA-9194F9F7A008}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68667716-4A6A-4CE6-B4D3-50D9BDFD14BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CF6A0CD1-7B44-44F9-9BE6-ED5FF925F484}C:\users\gl553vd\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gl553vd\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{93081C22-5DBF-4255-85EA-33793A962131}C:\users\gl553vd\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gl553vd\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{B41562A2-994D-41C7-BECB-1C5A11C82A4C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{0094AEB0-62A8-40E8-B96C-17765C8E914D}] => (Allow) C:\Windows\System32\rundll32.exe
==================== Restore Points =========================
24-08-2017 06:01:01 Clear
24-08-2017 06:15:53 Clear
24-08-2017 06:16:43 CLEAR(this)
29-08-2017 02:54:11 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/29/2017 12:05:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/29/2017 12:04:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/29/2017 12:02:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/29/2017 12:02:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/29/2017 12:02:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=4
Error: (08/29/2017 08:51:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
Error: (08/29/2017 06:22:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/29/2017 06:22:32 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/29/2017 06:22:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (08/29/2017 06:22:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

System errors:
=============
Error: (08/29/2017 12:01:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 12:01:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 08:51:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 08:51:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 06:13:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 05:44:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 03:04:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 03:04:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/29/2017 02:58:42 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.
Error: (08/29/2017 02:55:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2017-08-29 12:04:15.056
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 12:04:15.055
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 06:15:55.229
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 06:15:55.227
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 02:49:38.982
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 02:49:38.980
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 02:31:42.277
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 02:31:42.274
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Windows\System32\Mswapi64.dll that did not meet the security requirements for Shared Sections.
Date: 2017-08-29 02:31:42.274
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-08-29 02:31:42.271
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Windows\System32\Mswapi64.dll that did not meet the security requirements for Shared Sections.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 22%
Total physical RAM: 16265.07 MB
Available physical RAM: 12546.98 MB
Total Virtual: 18697.07 MB
Available Virtual: 15090.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.85 GB) (Free:39.89 GB) NTFS
Drive d: () (Fixed) (Total:465.74 GB) (Free:153.04 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:51.7 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

I can't copy-paste it because it contains some inappropriate content.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by GL553VD (30-08-2017 11:56:04) Run:1
Running from C:\Users\GL553VD\Desktop\FRST
Loaded Profiles: GL553VD (Available Profiles: defaultuser0 & GL553VD)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-06-06 09:20 - 2017-06-06 09:20 - 000019894 _____ () C:\Users\GL553VD\AppData\Roaming\Geregatoc
2017-05-08 07:56 - 2017-05-15 05:26 - 000000000 _____ () C:\Users\GL553VD\AppData\Local\Temptable.xml
2017-07-29 07:54 - 2017-07-29 07:54 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-08-28 12:26 - 2017-07-11 07:33 - 001930320 _____ (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\dllnt_dump.dll
2003-08-16 06:58 - 2003-08-16 06:58 - 001859680 ____N (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\EBU1A14.EXE
2003-08-16 06:56 - 2003-08-16 06:56 - 012443648 ____N (Microsoft Corporation) C:\Users\GL553VD\AppData\Local\Temp\EBU1B5D.DLL
2017-08-13 16:00 - 2016-12-29 19:28 - 000351680 _____ (NVIDIA Corporation) C:\Users\GL553VD\AppData\Local\Temp\nvStInst.exe
2017-08-24 05:18 - 2017-08-24 05:18 - 000886434 _____ ( ) C:\Users\GL553VD\AppData\Local\Temp\SetupTextToTalk.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wnsbefhk.sys:changelist [1130]

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
ibtsiva => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\Users\GL553VD\AppData\Roaming\Geregatoc => moved successfully
C:\Users\GL553VD\AppData\Local\Temptable.xml => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\GL553VD\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\GL553VD\AppData\Local\Temp\EBU1A14.EXE => moved successfully
C:\Users\GL553VD\AppData\Local\Temp\EBU1B5D.DLL => moved successfully
C:\Users\GL553VD\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\GL553VD\AppData\Local\Temp\SetupTextToTalk.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
C:\WINDOWS\system32\Drivers\wnsbefhk.sys => ":changelist" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 11:56:16 ====
 