Solved Computer restarts by itself

Ewokki

Hi, my computer wakes up from sleep and sometimes it restarts by itself, and in Event Viewer there are lots of conflicts. So I'm a little worried I may have some kind of virus/malware.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by koski (administrator) on PREDATOR (22-09-2018 23:22:53)
Running from C:\Users\koski\Desktop
Loaded Profiles: koski (Available Profiles: koski)
Platform: Windows 10 Pro Version 1803 17134.286 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Registry
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atiesrxx.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsorsp64.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fshoster64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Electronic Arts) G:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Valve Corporation) G:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\koski\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\koski\AppData\Roaming\Spotify\Spotify.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe
(Spotify Ltd) C:\Users\koski\AppData\Roaming\Spotify\Spotify.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Spotify Ltd) C:\Users\koski\AppData\Roaming\Spotify\Spotify.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Discord Inc.) C:\Users\koski\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\koski\AppData\Local\Discord\app-0.0.301\Discord.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Discord Inc.) C:\Users\koski\AppData\Local\Discord\app-0.0.301\Discord.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Discord Inc.) C:\Users\koski\AppData\Local\Discord\app-0.0.301\Discord.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2018-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2018-07-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [137464 2018-07-02] (Intel)
HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Run: [Steam] => g:\Program Files (x86)\Steam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Run: [Spotify] => C:\Users\koski\AppData\Roaming\Spotify\Spotify.exe [25061776 2018-09-20] (Spotify Ltd)
HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Run: [Discord] => C:\Users\koski\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2018-07-27]
ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (ROCCAT)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-07-27]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2aa6622e-c882-4ce5-81cf-27cf6d6cca7c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-09-18] (Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https64.dll [2018-09-18] (F-Secure Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-09-18] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https.dll [2018-09-18] (F-Secure Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6348j8cm.default
FF ProfilePath: C:\Users\koski\AppData\Roaming\Mozilla\Firefox\Profiles\6348j8cm.default [2018-08-23]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-08-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-09-18]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-27] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default [2018-09-22]
CHR Extension: (Slides) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]
CHR Extension: (Docs) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-27]
CHR Extension: (Google Drive) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-27]
CHR Extension: (YouTube) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]
CHR Extension: (Sheets) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-27]
CHR Extension: (Gmail) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atiesrxx.exe [496008 2018-08-03] (AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2018-07-27] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-07-27] () [File not signed]
S3 BcastDVRUserService; C:\Windows\System32\BcastDVRUserService.dll [1364992 2018-09-15] (Microsoft Corporation)
S3 BcastDVRUserService_47c3c; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BcastDVRUserService_47c3c; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7212480 2018-08-10] ()
S3 BluetoothUserService; C:\Windows\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-04-12] (Microsoft Corporation)
S3 BluetoothUserService_47c3c; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_47c3c; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BTAGService; C:\Windows\System32\BTAGService.dll [514048 2018-04-12] (Microsoft Corporation)
S3 BthAvctpSvc; C:\Windows\System32\BthAvctpSvc.dll [395264 2018-04-12] (Microsoft Corporation)
S3 CaptureService; C:\Windows\System32\CaptureService.dll [125952 2018-04-12] (Microsoft Corporation)
S3 CaptureService_47c3c; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_47c3c; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\System32\Windows.Devices.Picker.dll [400896 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\SysWOW64\Windows.Devices.Picker.dll [312832 2018-04-12] (Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2018-07-02] (Intel)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2018-07-27] (DTS)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2018-07-28] (EasyAntiCheat Ltd)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2018-04-06] ()
R2 fshoster; C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe [213472 2018-05-08] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe [213472 2018-05-08] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fshoster64.exe [581160 2018-09-18] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsorsp64.exe [78304 2018-09-18] (F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe [581160 2018-09-18] (F-Secure Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S3 LxpSvc; C:\Windows\System32\LanguageOverlayServer.dll [199680 2018-04-12] (Microsoft Corporation)
S3 Origin Client Service; G:\Program Files (x86)\Origin\OriginClientService.exe [2205504 2018-07-29] (Electronic Arts)
R2 Origin Web Helper Service; G:\Program Files (x86)\Origin\OriginWebHelperService.exe [3075400 2018-07-29] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2018-07-29] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
R2 SgrmBroker; C:\Windows\system32\SgrmBroker.exe [163336 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [185064 2018-04-06] ()
S4 tzautoupdate; C:\Windows\SysWOW64\tzautoupdate.dll [72192 2018-04-12] (Microsoft Corporation)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2018-04-06] ()
S3 VacSvc; C:\Windows\System32\vac.dll [411256 2018-04-12] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\Windows\System32\WaaSMedicSvc.dll [392704 2018-08-09] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)
S3 wisvc; C:\Windows\SysWOW64\flightsettings.dll [729088 2018-06-19] (Microsoft Corporation)
S3 WpcMonSvc; C:\Windows\System32\WpcDesktopMonSvc.dll [1456640 2018-06-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 afunix; C:\Windows\system32\drivers\afunix.sys [39424 2018-04-12] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-04-12] (Microsoft Corporation)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atikmdag.sys [46783368 2018-08-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atikmpag.sys [578440 2018-08-03] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-07-27] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107496 2018-07-17] (Advanced Micro Devices)
S3 bindflt; C:\Windows\system32\drivers\bindflt.sys [92056 2018-04-12] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsulgk.sys [251728 2018-09-18] (F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fshs.sys [112312 2018-09-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [65872 2018-08-09] ()
S0 fselms; C:\Windows\System32\drivers\fselms.sys [15360 2018-09-18] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\fsni64.sys [112456 2018-09-18] (F-Secure Corporation)
S4 hvcrash; C:\Windows\System32\drivers\hvcrash.sys [33184 2018-04-12] (Microsoft Corporation)
S0 iaStorAVC; C:\Windows\System32\drivers\iaStorAVC.sys [885144 2018-04-12] (Intel Corporation)
S0 ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [145816 2018-04-12] (Avago Technologies)
S0 megasas35i; C:\Windows\System32\drivers\megasas35i.sys [82328 2018-04-12] (Avago Technologies)
S3 nvdimm; C:\Windows\System32\drivers\nvdimm.sys [104448 2018-04-12] (Microsoft Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-04-06] ()
R0 SgrmAgent; C:\Windows\System32\drivers\SgrmAgent.sys [63896 2018-04-12] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46896 2018-04-23] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\Windows\System32\drivers\WdmCompanionFilter.sys [21408 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 cpuz140; \??\C:\Users\koski\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-22 23:22 - 2018-09-22 23:23 - 000025071 _____ C:\Users\koski\Desktop\FRST.txt
2018-09-22 23:21 - 2018-09-22 23:22 - 000000000 ____D C:\FRST
2018-09-22 23:21 - 2018-09-22 23:21 - 002404864 _____ (Farbar) C:\Users\koski\Desktop\FRST64.exe
2018-09-21 16:38 - 2018-09-21 16:38 - 000000000 ___HD C:\OneDriveTemp
2018-09-18 16:20 - 2018-09-05 01:36 - 001476904 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2018-09-18 04:39 - 2018-09-18 04:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-09-18 04:38 - 2018-09-18 04:38 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-09-18 04:26 - 2018-09-15 11:46 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-18 04:26 - 2018-09-15 05:51 - 001220920 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-09-18 04:26 - 2018-09-15 05:50 - 001029432 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-09-18 04:26 - 2018-09-15 05:49 - 009090064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-18 04:26 - 2018-09-15 05:48 - 000885968 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-09-18 04:26 - 2018-09-15 05:33 - 001129760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-09-18 04:26 - 2018-09-15 05:33 - 000567280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-09-18 04:26 - 2018-09-15 05:19 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-09-18 04:26 - 2018-09-15 05:17 - 007577088 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-09-18 04:26 - 2018-09-15 05:16 - 005777920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-09-18 04:26 - 2018-08-31 10:22 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-18 04:26 - 2018-08-31 09:55 - 001455960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-09-18 04:26 - 2018-08-31 09:37 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-18 04:26 - 2018-08-31 06:42 - 007436192 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-09-18 04:26 - 2018-08-31 06:42 - 000604640 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-09-18 04:26 - 2018-08-31 06:28 - 006043680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-09-18 04:26 - 2018-08-31 06:28 - 001989496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-18 04:26 - 2018-08-31 06:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-09-18 04:26 - 2018-08-31 06:15 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-18 04:26 - 2018-08-31 06:14 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-09-18 04:26 - 2018-08-31 06:14 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-18 04:26 - 2018-08-31 06:13 - 000402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-18 04:26 - 2018-08-31 06:11 - 001804288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-18 04:26 - 2018-08-31 06:10 - 003711488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-18 04:26 - 2018-08-31 06:10 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-18 04:26 - 2018-08-31 06:07 - 001627648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-18 04:26 - 2018-08-09 12:32 - 004527680 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2018-09-18 04:26 - 2018-08-09 12:14 - 012709376 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-18 04:26 - 2018-08-09 12:12 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-18 04:26 - 2018-08-09 12:11 - 003652608 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-09-18 04:26 - 2018-08-09 12:10 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-18 04:26 - 2018-08-09 11:24 - 011901952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-18 04:26 - 2018-08-09 11:22 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-18 04:26 - 2018-08-09 11:21 - 002894848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-09-18 04:26 - 2018-08-09 11:21 - 002016768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-18 04:26 - 2018-08-09 11:20 - 002401792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2018-09-18 04:26 - 2018-08-09 07:54 - 000709824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-09-18 04:26 - 2018-08-09 07:54 - 000170912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-18 04:26 - 2018-08-09 07:53 - 002765440 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-18 04:26 - 2018-08-09 07:53 - 001026456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-09-18 04:26 - 2018-08-09 07:29 - 002253584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-18 04:26 - 2018-08-09 07:26 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2018-09-18 04:26 - 2018-08-09 07:24 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-09-18 04:26 - 2018-08-09 07:24 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-18 04:26 - 2018-08-09 07:23 - 002904064 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-09-18 04:26 - 2018-08-09 07:23 - 002172928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-09-18 04:26 - 2018-08-09 07:23 - 000916992 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-09-18 04:26 - 2018-08-09 07:22 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-09-18 04:26 - 2018-08-09 07:11 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-09-18 04:26 - 2018-08-09 07:10 - 000835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-09-18 04:26 - 2018-08-09 07:09 - 004191232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-18 04:26 - 2018-08-09 07:09 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-18 04:25 - 2018-09-15 11:32 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2018-09-18 04:25 - 2018-09-15 11:31 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-09-18 04:25 - 2018-09-15 11:31 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2018-09-18 04:25 - 2018-09-15 05:50 - 000567080 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-09-18 04:25 - 2018-09-15 05:50 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-09-18 04:25 - 2018-09-15 05:49 - 007519896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-09-18 04:25 - 2018-09-15 05:49 - 001097760 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-09-18 04:25 - 2018-09-15 05:48 - 000713504 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-09-18 04:25 - 2018-09-15 05:33 - 006567984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-18 04:25 - 2018-09-15 05:33 - 000357064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-09-18 04:25 - 2018-09-15 05:19 - 004382720 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-09-18 04:25 - 2018-08-31 10:42 - 001636232 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-09-18 04:25 - 2018-08-31 06:44 - 001064744 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-09-18 04:25 - 2018-08-31 06:43 - 000722880 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-09-18 04:25 - 2018-08-31 06:42 - 002824672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-09-18 04:25 - 2018-08-31 06:42 - 002461312 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-18 04:25 - 2018-08-31 06:42 - 001458552 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-09-18 04:25 - 2018-08-31 06:42 - 001258352 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-09-18 04:25 - 2018-08-31 06:42 - 001142000 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-09-18 04:25 - 2018-08-31 06:42 - 000983080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-09-18 04:25 - 2018-08-31 06:26 - 025847808 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-09-18 04:25 - 2018-08-31 06:21 - 022008320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-09-18 04:25 - 2018-08-31 06:20 - 022715904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-18 04:25 - 2018-08-31 06:18 - 008189440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-09-18 04:25 - 2018-08-31 06:17 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-09-18 04:25 - 2018-08-31 06:16 - 019404288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-18 04:25 - 2018-08-31 06:15 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-09-18 04:25 - 2018-08-31 06:15 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-09-18 04:25 - 2018-08-31 06:14 - 002700288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-09-18 04:25 - 2018-08-31 06:14 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-09-18 04:25 - 2018-08-31 06:13 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2018-09-18 04:25 - 2018-08-31 06:11 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-09-18 04:25 - 2018-08-31 06:11 - 001854976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-09-18 04:25 - 2018-08-31 06:11 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-09-18 04:25 - 2018-08-31 06:10 - 001375744 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-09-18 04:25 - 2018-08-31 06:10 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-09-18 04:25 - 2018-08-31 06:10 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-09-18 04:25 - 2018-08-31 06:09 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-09-18 04:25 - 2018-08-31 06:08 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-09-18 04:25 - 2018-08-28 10:17 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-09-18 04:25 - 2018-08-28 09:56 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2018-09-18 04:25 - 2018-08-28 09:49 - 000677376 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-09-18 04:25 - 2018-08-28 09:48 - 001274368 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2018-09-18 04:25 - 2018-08-28 08:51 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-18 04:25 - 2018-08-09 12:37 - 002267944 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2018-09-18 04:25 - 2018-08-09 12:31 - 001617728 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2018-09-18 04:25 - 2018-08-09 12:31 - 000766872 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2018-09-18 04:25 - 2018-08-09 12:13 - 000340992 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2018-09-18 04:25 - 2018-08-09 11:38 - 001538976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2018-09-18 04:25 - 2018-08-09 08:02 - 001035144 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-09-18 04:25 - 2018-08-09 07:53 - 001947720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-18 04:25 - 2018-08-09 07:53 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2018-09-18 04:25 - 2018-08-09 07:29 - 001620880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-18 04:25 - 2018-08-09 07:28 - 003395072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-09-18 04:25 - 2018-08-09 07:25 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-09-18 04:25 - 2018-08-09 07:23 - 003148288 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2018-09-18 04:25 - 2018-08-09 07:22 - 004615680 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-18 04:25 - 2018-08-09 07:22 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-18 04:25 - 2018-08-09 07:21 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-09-18 04:25 - 2018-08-09 07:11 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-09-18 04:25 - 2018-08-09 07:10 - 002893824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2018-09-18 04:25 - 2018-08-09 07:10 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-09-18 04:24 - 2018-09-15 11:32 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-18 04:24 - 2018-09-15 05:57 - 000272408 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-09-18 04:24 - 2018-09-15 05:56 - 000269320 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-09-18 04:24 - 2018-09-15 05:51 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2018-09-18 04:24 - 2018-09-15 05:33 - 000581808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-09-18 04:24 - 2018-09-15 05:20 - 001627136 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2018-09-18 04:24 - 2018-09-15 03:59 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-09-18 04:24 - 2018-08-31 10:46 - 000542504 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-09-18 04:24 - 2018-08-31 10:45 - 000348328 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2018-09-18 04:24 - 2018-08-31 10:43 - 001524152 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2018-09-18 04:24 - 2018-08-31 10:27 - 000178176 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-18 04:24 - 2018-08-31 10:27 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-18 04:24 - 2018-08-31 10:26 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-18 04:24 - 2018-08-31 10:25 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2018-09-18 04:24 - 2018-08-31 10:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-18 04:24 - 2018-08-31 10:24 - 001127936 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2018-09-18 04:24 - 2018-08-31 10:24 - 000482304 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-18 04:24 - 2018-08-31 10:23 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2018-09-18 04:24 - 2018-08-31 10:22 - 001661440 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-09-18 04:24 - 2018-08-31 09:53 - 001327504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2018-09-18 04:24 - 2018-08-31 09:41 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-18 04:24 - 2018-08-31 09:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-18 04:24 - 2018-08-31 09:40 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2018-09-18 04:24 - 2018-08-31 09:37 - 000622080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2018-09-18 04:24 - 2018-08-31 09:36 - 001469952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-09-18 04:24 - 2018-08-31 06:43 - 002719216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-18 04:24 - 2018-08-31 06:42 - 001767064 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-18 04:24 - 2018-08-31 06:42 - 000632296 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2018-09-18 04:24 - 2018-08-31 06:42 - 000527328 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-18 04:24 - 2018-08-31 06:42 - 000155112 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-18 04:24 - 2018-08-31 06:28 - 001514352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-18 04:24 - 2018-08-31 06:28 - 000453104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2018-09-18 04:24 - 2018-08-31 06:28 - 000134936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-18 04:24 - 2018-08-31 06:17 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-18 04:24 - 2018-08-31 06:15 - 000395776 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-18 04:24 - 2018-08-31 06:15 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-18 04:24 - 2018-08-31 06:13 - 002738688 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-09-18 04:24 - 2018-08-31 06:12 - 000736256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-09-18 04:24 - 2018-08-31 06:12 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-18 04:24 - 2018-08-31 06:11 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-09-18 04:24 - 2018-08-31 06:11 - 000796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-09-18 04:24 - 2018-08-31 06:11 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-09-18 04:24 - 2018-08-31 06:10 - 000889344 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-18 04:24 - 2018-08-31 06:10 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-18 04:24 - 2018-08-31 06:10 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-09-18 04:24 - 2018-08-31 06:09 - 002258944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-09-18 04:24 - 2018-08-31 06:07 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-09-18 04:24 - 2018-08-31 06:07 - 000735744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-09-18 04:24 - 2018-08-31 06:06 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-09-18 04:24 - 2018-08-28 09:45 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2018-09-18 04:24 - 2018-08-14 05:14 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-18 04:24 - 2018-08-14 05:14 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-18 04:24 - 2018-08-09 12:31 - 000253544 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2018-09-18 04:24 - 2018-08-09 12:31 - 000236624 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2018-09-18 04:24 - 2018-08-09 12:17 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2018-09-18 04:24 - 2018-08-09 12:14 - 000466944 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2018-09-18 04:24 - 2018-08-09 12:14 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollUI.dll
2018-09-18 04:24 - 2018-08-09 12:14 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2018-09-18 04:24 - 2018-08-09 12:13 - 000521216 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2018-09-18 04:24 - 2018-08-09 12:13 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe
2018-09-18 04:24 - 2018-08-09 12:13 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\TtlsExt.dll
2018-09-18 04:24 - 2018-08-09 12:12 - 001787392 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2018-09-18 04:24 - 2018-08-09 12:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-18 04:24 - 2018-08-09 12:11 - 002051584 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2018-09-18 04:24 - 2018-08-09 12:11 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2018-09-18 04:24 - 2018-08-09 12:11 - 000615424 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2018-09-18 04:24 - 2018-08-09 12:11 - 000181248 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeHelper.dll
2018-09-18 04:24 - 2018-08-09 12:10 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2018-09-18 04:24 - 2018-08-09 12:10 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-09-18 04:24 - 2018-08-09 12:09 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\dinput8.dll
2018-09-18 04:24 - 2018-08-09 12:09 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\dinput.dll
2018-09-18 04:24 - 2018-08-09 12:09 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2018-09-18 04:24 - 2018-08-09 12:09 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\PackageInspector.exe
2018-09-18 04:24 - 2018-08-09 11:36 - 000660896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2018-09-18 04:24 - 2018-08-09 11:36 - 000221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-18 04:24 - 2018-08-09 11:24 - 000131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2018-09-18 04:24 - 2018-08-09 11:23 - 001308160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2018-09-18 04:24 - 2018-08-09 11:23 - 000291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollUI.dll
2018-09-18 04:24 - 2018-08-09 11:22 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2018-09-18 04:24 - 2018-08-09 11:22 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2018-09-18 04:24 - 2018-08-09 11:22 - 000429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe
2018-09-18 04:24 - 2018-08-09 11:21 - 001274368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-09-18 04:24 - 2018-08-09 11:21 - 000775168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2018-09-18 04:24 - 2018-08-09 11:20 - 000423424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2018-09-18 04:24 - 2018-08-09 11:20 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2018-09-18 04:24 - 2018-08-09 11:20 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput.dll
2018-09-18 04:24 - 2018-08-09 11:19 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2018-09-18 04:24 - 2018-08-09 08:01 - 000777400 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2018-09-18 04:24 - 2018-08-09 07:55 - 000230304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2018-09-18 04:24 - 2018-08-09 07:54 - 001019016 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-09-18 04:24 - 2018-08-09 07:54 - 000375704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-09-18 04:24 - 2018-08-09 07:54 - 000203568 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2018-09-18 04:24 - 2018-08-09 07:53 - 000932136 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2018-09-18 04:24 - 2018-08-09 07:53 - 000482480 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-09-18 04:24 - 2018-08-09 07:53 - 000125600 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2018-09-18 04:24 - 2018-08-09 07:30 - 000829856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-09-18 04:24 - 2018-08-09 07:30 - 000183992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2018-09-18 04:24 - 2018-08-09 07:29 - 001174552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-09-18 04:24 - 2018-08-09 07:29 - 000099208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2018-09-18 04:24 - 2018-08-09 07:28 - 001589248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-09-18 04:24 - 2018-08-09 07:27 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-09-18 04:24 - 2018-08-09 07:27 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\eShims.dll
2018-09-18 04:24 - 2018-08-09 07:27 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe
2018-09-18 04:24 - 2018-08-09 07:26 - 000990720 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-09-18 04:24 - 2018-08-09 07:26 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-18 04:24 - 2018-08-09 07:26 - 000528384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-09-18 04:24 - 2018-08-09 07:26 - 000319488 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-09-18 04:24 - 2018-08-09 07:26 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\TtlsAuth.dll
2018-09-18 04:24 - 2018-08-09 07:26 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\TtlsCfg.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000797184 _____ (Microsoft Corporation) C:\Windows\system32\certca.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2018-09-18 04:24 - 2018-08-09 07:22 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-09-18 04:24 - 2018-08-09 07:13 - 001189376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-09-18 04:24 - 2018-08-09 07:13 - 000042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2018-09-18 04:24 - 2018-08-09 07:12 - 000652288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certca.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsAuth.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsCfg.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000122368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2018-09-18 04:24 - 2018-08-09 07:08 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-09-18 04:24 - 2018-08-09 06:08 - 000806416 _____ C:\Windows\SysWOW64\locale.nls
2018-09-18 04:24 - 2018-08-09 06:08 - 000806416 _____ C:\Windows\system32\locale.nls
2018-09-18 04:13 - 2018-09-18 04:10 - 000015360 _____ (F-Secure Corporation) C:\Windows\system32\Drivers\fselms.sys
2018-09-18 04:10 - 2018-09-18 04:10 - 000000000 ____D C:\Users\koski\AppData\Local\OneDrive
2018-09-08 17:34 - 2018-09-08 17:34 - 000000000 ____D C:\Users\koski\AppData\Roaming\Kalypso Media
2018-09-08 17:33 - 2018-09-08 17:33 - 000000000 ____D C:\Users\koski\AppData\LocalLow\Realmforge Studios GmbH
2018-09-08 17:33 - 2018-09-08 17:33 - 000000000 ____D C:\Users\koski\AppData\Local\Kalypso Media
2018-08-26 18:41 - 2018-08-26 18:41 - 000675984 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000386712 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000343192 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000089248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000031896 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll
2018-08-25 19:12 - 2018-08-25 19:12 - 000000000 ____D C:\Users\koski\AppData\Local\id Software
2018-08-25 19:05 - 2018-08-25 19:06 - 000000000 ____D C:\Users\koski\AppData\Local\PAYDAY 2
2018-08-25 19:05 - 2018-08-25 19:05 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-08-25 19:05 - 2018-08-25 19:05 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-08-25 00:22 - 2018-08-25 00:22 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2018-08-25 00:22 - 2018-08-25 00:22 - 000003074 _____ C:\Windows\System32\Tasks\StartDVR
2018-08-25 00:22 - 2018-08-25 00:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-08-25 00:21 - 2018-08-25 00:21 - 000000000 ____D C:\Program Files (x86)\AMD
2018-08-25 00:15 - 2018-08-25 00:15 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-08-25 00:14 - 2018-08-25 00:15 - 000000000 ____D C:\AMD
2018-08-25 00:14 - 2018-08-25 00:14 - 025555000 _____ (AMD Inc.) C:\Users\koski\Downloads\radeon-software-adrenalin-18.8.1-minimalsetup-180803_64bit.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-22 23:20 - 2018-07-27 18:58 - 000000000 ____D C:\Users\koski\AppData\Roaming\Spotify
2018-09-22 23:14 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-22 22:43 - 2018-07-27 18:11 - 000000000 ____D C:\Users\koski\AppData\Local\D3DSCache
2018-09-22 22:10 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-22 22:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\AppReadiness
2018-09-22 22:01 - 2018-07-27 14:29 - 000793764 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-22 22:01 - 2018-04-12 02:36 - 000000000 ____D C:\Windows\INF
2018-09-22 21:55 - 2018-07-27 19:07 - 000000000 ____D C:\Users\koski\AppData\Roaming\discord
2018-09-22 21:55 - 2018-07-27 14:38 - 000000000 ___RD C:\Users\koski\OneDrive
2018-09-22 21:55 - 2018-07-27 14:30 - 000000000 ____D C:\Users\koski
2018-09-22 21:54 - 2018-07-27 14:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-22 21:54 - 2018-07-27 14:21 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-09-22 00:52 - 2018-07-28 22:50 - 000000000 ____D C:\Users\koski\AppData\Roaming\TS3Client
2018-09-21 16:38 - 2018-07-27 14:39 - 000003364 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4004542635-2087850760-1770400530-1001
2018-09-21 16:38 - 2018-07-27 14:30 - 000002367 _____ C:\Users\koski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-21 16:37 - 2018-07-27 18:59 - 000000000 ____D C:\Users\koski\AppData\Local\Spotify
2018-09-20 20:04 - 2018-07-27 14:26 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-09-20 20:04 - 2018-04-12 00:04 - 000524288 _____ C:\Windows\system32\config\BBI
2018-09-20 00:56 - 2018-07-27 14:44 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-20 00:56 - 2018-07-27 14:44 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-18 16:20 - 2018-04-12 02:30 - 000000000 ____D C:\Windows\CbsTemp
2018-09-18 06:11 - 2018-07-27 14:21 - 000406536 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\zu-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\yo-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\xh-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\wo-SN
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\tn-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ti-ET
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\rw-RW
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\nso-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ig-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\TextInput
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\SysWOW64\en-GB
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\oobe
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\en-GB
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\bcastdvr
2018-09-18 06:10 - 2018-04-12 00:04 - 000000000 ____D C:\Windows\system32\Dism
2018-09-18 04:39 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-09-18 04:37 - 2018-08-13 18:19 - 000000000 ____D C:\Program Files\Microsoft Office
2018-09-18 04:37 - 2018-07-27 15:37 - 000000000 ____D C:\Windows\system32\MRT
2018-09-18 04:34 - 2018-07-27 15:37 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-18 04:23 - 2018-07-27 14:36 - 000000000 ____D C:\Users\koski\AppData\Local\Packages
2018-09-18 04:13 - 2018-04-12 02:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-09-18 04:09 - 2018-07-28 17:10 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-09-06 11:34 - 2018-07-27 18:48 - 000000000 ____D C:\Users\koski\AppData\Local\ElevatedDiagnostics
2018-09-05 02:04 - 2018-04-12 02:41 - 000835144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-05 02:04 - 2018-04-12 02:41 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-26 00:13 - 2018-07-28 15:27 - 000000000 ____D C:\Users\koski\Documents\my games
2018-08-26 00:13 - 2018-04-12 02:33 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2018-08-26 00:13 - 2018-04-12 02:33 - 000024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2018-08-26 00:13 - 2018-04-12 02:33 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2018-08-26 00:13 - 2018-04-12 02:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2018-08-25 00:22 - 2018-07-27 14:26 - 000000000 ____D C:\Program Files\AMD
2018-08-25 00:18 - 2018-07-27 14:44 - 000000000 ____D C:\Users\koski\AppData\LocalLow\AMD
2018-08-25 00:17 - 2018-07-27 18:09 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-24 22:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-08-23 16:46 - 2018-08-21 22:15 - 000000000 ____D C:\Users\koski\AppData\LocalLow\Mozilla
2018-08-23 16:43 - 2018-08-21 22:15 - 000000000 ____D C:\Users\koski\AppData\Local\Mozilla

Some files in TEMP:
====================
2018-09-21 19:51 - 2018-09-22 15:50 - 000000000 _____ () C:\Users\koski\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-09-21 19:51 - 2018-09-22 15:50 - 000000016 _____ () C:\Users\koski\AppData\Local\Temp\61e6a516043de722da96d425d95f8793.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-27 14:21

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by koski (22-09-2018 23:23:26)
Running from C:\Users\koski\Desktop
Windows 10 Pro Version 1803 17134.286 (X64) (2018-07-27 11:23:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4004542635-2087850760-1770400530-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4004542635-2087850760-1770400530-503 - Limited - Disabled)
Guest (S-1-5-21-4004542635-2087850760-1770400530-501 - Limited - Disabled)
koski (S-1-5-21-4004542635-2087850760-1770400530-1001 - Administrator - Enabled) => C:\Users\koski
WDAGUtilityAccount (S-1-5-21-4004542635-2087850760-1770400530-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: F-Secure (Enabled - Up to date) {8AC831E5-DF57-0DC0-D07B-4DE1A5FFFD9A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{7ED1F198-3D52-420C-9F32-9F1B86720990}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{323CCD81-1A62-4163-955A-2E617D7211C9}) (Version: 3.4.1.7 - Intel) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.8.1 - Advanced Micro Devices, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Computer Security 17.215.129.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 17.215.129.0 - F-Secure Corporation) Hidden
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Discord (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Driver Easy 5.6.3 (HKLM\...\DriverEasy_is1) (Version: 5.6.3 - Easeware)
F-Secure (HKLM-x32\...\{9F1F7158-62F9-45F8-8D35-346A0E2E683D}) (Version: 3.15.285.0 - F-Secure Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 3.15.285.0 - F-Secure Corporation)
F-Secure Ultralight 1.1.24.0 (release) (HKLM-x32\...\{9FAE989F-A043-4017-B60F-9134E992BB55}) (Version: 1.1.24.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{32756C77-14FD-46F9-9480-84D77BA4E60D}) (Version: 4.1.0.29 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{65f026f0-ca1d-4c8d-84bb-67ced39a5087}) (Version: 3.4.1.7 - Intel)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20102 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 fi) (HKLM\...\Mozilla Firefox 61.0.2 (x64 fi)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Online Safety 2.215.7452.4118 (HKLM-x32\...\{0DD64CD2-B23F-4A3D-A88D-EF6848A20167}) (Version: 2.215.7452.4118 - F-Secure Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
ROCCAT Swarm (HKLM-x32\...\{32C24F2E-923F-49C1-8E60-2B3DC5482255}) (Version: 1.93.250 - ROCCAT GmbH) Hidden
ROCCAT Swarm (HKLM-x32\...\InstallShield_{32C24F2E-923F-49C1-8E60-2B3DC5482255}) (Version: 1.93.250 - ROCCAT GmbH)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Spotify (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.6.63768 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.12.6 (HKLM\...\SteelSeries Engine 3) (Version: 3.12.6 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-08-02] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A7AA876-862F-4F81-AA4B-B73950FA632C} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Task: {1909F7EE-08E2-4CB2-A0BA-00C4E94267F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-27] (Google Inc.)
Task: {23170156-1AAE-4E68-B7B5-653E54DD6BC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-09-18] (Microsoft Corporation)
Task: {26E05CB3-1F88-4345-88D6-BD86357B836D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-18] (Microsoft Corporation)
Task: {2AB56619-EC43-4CD4-A985-BB35F737B638} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {430852CB-A87C-492E-A659-075C7BF1710C} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Task: {4D36ADAC-0BF4-4A73-BAD7-371582C558C9} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-09-18] (Microsoft Corporation)
Task: {541BA5BF-1736-4A3E-B1E5-CE1C9EE13043} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates
Task: {5FA4782E-21C5-4682-8956-9AE4964F0006} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
Task: {65A34F07-723D-4150-B109-13BD1AE3DFAA} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {78BABCCD-20B8-49B7-B4F8-87490C41C875} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Task: {7D7985D7-486A-4C12-90FF-8E636184D6A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
Task: {827282E0-FF88-47D0-96EE-7011C419DCFE} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [2018-06-27] (ROCCAT)
Task: {8283729C-F502-4C91-8B3C-B68B976AA05B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-18] (Microsoft Corporation)
Task: {8F255F88-A87A-495F-B828-A4AFEC70BDB0} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\Windows\system32\dxgiadaptercache.exe [2018-04-12] (Microsoft Corporation)
Task: {95BD180F-DF08-4B39-AD5B-BB6F458E4CEB} - System32\Tasks\S-1-5-21-4004542635-2087850760-1770400530-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {A167F6E0-ED47-419C-807E-2A11ECBA98D4} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation
Task: {AD1376B4-6C92-4FD5-9EDB-1BEFDC624838} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-09-18] (Microsoft Corporation)
Task: {C06041B6-6ADC-42BF-B188-F76BD245121A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-08-02] (Advanced Micro Devices, Inc.)
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - System32\Tasks\Microsoft\Windows\Speech\HeadsetButtonPress => C:\Windows\system32\speech_onecore\common\SpeechRuntime.exe [2018-06-19] (Microsoft Corporation)
Task: {C822193E-8E11-4697-86AD-2FDEBAAEFD5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-09-18] (Microsoft Corporation)
Task: {D1CC320B-9A47-4DB4-AFE4-2BCE1A964E7A} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources
Task: {E3D375A1-8D22-4567-A742-D39E425C1D4A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {E5A12D7C-44BD-43D6-B8D8-17BE14A06214} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {E5C9DEF6-2778-429C-8A43-56D594955425} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {F061BD14-4344-447C-8B0A-D229AC1521F3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {FF8D092C-3043-4D51-80B1-5959A855F0DA} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-08-02] (Advanced Micro Devices, Inc.)
Task: {FF94508A-E80B-4BE5-A136-CB492EEBBB9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-27 16:01 - 2018-07-27 16:00 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-07-29 15:28 - 2018-07-29 19:08 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-04-06 20:54 - 2018-04-06 20:54 - 000185064 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-09-18 04:13 - 2018-09-18 04:10 - 000418784 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\daas2_x64.dll
2018-07-27 16:01 - 2018-07-27 16:00 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2018-09-18 04:13 - 2018-09-18 04:10 - 000319968 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\senddump_fshoster_plugin64.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-18 04:26 - 2018-09-15 05:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-27 14:54 - 2018-07-27 14:55 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-30 16:09 - 2018-04-30 16:09 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-30 16:09 - 2018-04-30 16:09 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-09-18 04:15 - 2018-09-18 04:16 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-18 04:15 - 2018-09-18 04:16 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-18 04:15 - 2018-09-18 04:16 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 12:23 - 2018-04-12 12:23 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-18 04:15 - 2018-09-18 04:16 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-09-18 06:12 - 2018-09-05 23:14 - 001055520 _____ () G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-09-07 17:07 - 2018-08-27 23:52 - 098006816 _____ () G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-09-07 17:07 - 2018-08-27 23:52 - 004443424 _____ () G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-09-07 17:07 - 2018-08-27 23:52 - 000100128 _____ () G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000818408 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-04-06 20:54 - 2018-04-06 20:54 - 002309864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000270056 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000214760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\foreground_window_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000279272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000207080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000277736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-04-06 20:55 - 2018-04-06 20:55 - 000708328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-09-22 22:10 - 2018-09-22 22:10 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-22 22:10 - 2018-09-22 22:10 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-09-22 22:10 - 2018-09-22 22:10 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 22:24 - 2018-08-21 22:24 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-08-21 22:24 - 2018-08-21 22:24 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-09-22 22:10 - 2018-09-22 22:10 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-22 22:10 - 2018-09-22 22:10 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000885992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-04-06 20:54 - 2018-04-06 20:54 - 000260328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000306920 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000231144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000212200 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000453352 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000375528 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000609512 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000248040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-09-20 00:56 - 2018-09-15 11:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 00:56 - 2018-09-15 11:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-07-27 16:01 - 2018-09-22 21:55 - 000023040 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2018-07-27 16:01 - 2018-07-27 16:00 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2018-05-08 14:41 - 2018-05-08 14:41 - 000211424 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\zlib_32.dll
2018-05-08 14:40 - 2018-05-08 14:40 - 000259040 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\daas2.dll
2018-09-18 06:12 - 2018-09-08 23:31 - 002646304 _____ () g:\Program Files (x86)\Steam\video.dll
2018-09-18 06:12 - 2018-09-05 23:14 - 000876320 _____ () g:\Program Files (x86)\Steam\SDL2.dll
2018-07-27 18:56 - 2016-09-01 04:02 - 004969248 _____ () g:\Program Files (x86)\Steam\v8.dll
2018-07-27 18:56 - 2017-12-20 04:43 - 000695584 _____ () g:\Program Files (x86)\Steam\libavformat-57.dll
2018-07-27 18:56 - 2017-12-20 04:43 - 000351520 _____ () g:\Program Files (x86)\Steam\libavresample-3.dll
2018-07-27 18:56 - 2017-12-20 04:43 - 000847136 _____ () g:\Program Files (x86)\Steam\libavutil-55.dll
2018-07-27 18:56 - 2017-12-20 04:43 - 000783648 _____ () g:\Program Files (x86)\Steam\libswscale-4.dll
2018-07-27 18:56 - 2017-12-20 04:43 - 005137696 _____ () g:\Program Files (x86)\Steam\libavcodec-57.dll
2018-07-27 18:56 - 2016-09-01 04:02 - 001195296 _____ () g:\Program Files (x86)\Steam\icuuc.dll
2018-07-27 18:56 - 2016-09-01 04:02 - 001563936 _____ () g:\Program Files (x86)\Steam\icui18n.dll
2018-09-18 06:12 - 2018-09-08 23:31 - 001015584 _____ () G:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-07-27 18:56 - 2016-07-05 01:17 - 000266560 _____ () g:\Program Files (x86)\Steam\openvr_api.dll
2018-07-27 18:59 - 2018-09-20 20:05 - 085627280 _____ () C:\Users\koski\AppData\Roaming\Spotify\libcef.dll
2014-10-23 18:27 - 2014-10-23 13:27 - 000119822 _____ () C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libgcc_s_dw2-1.dll
2015-12-29 06:25 - 2015-12-29 01:25 - 001540622 _____ () C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libstdc++-6.dll
2018-05-23 11:22 - 2018-06-27 05:27 - 000563712 _____ () C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\aimo.dll
2018-07-27 18:59 - 2018-09-20 20:05 - 003867536 _____ () C:\Users\koski\AppData\Roaming\Spotify\libglesv2.dll
2018-07-27 18:59 - 2018-09-20 20:05 - 000088464 _____ () C:\Users\koski\AppData\Roaming\Spotify\libegl.dll
2018-07-27 19:07 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\koski\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-07-27 19:07 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\koski\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-07-27 19:07 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\koski\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-07-27 19:08 - 2018-09-18 06:12 - 011321176 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-07-27 19:08 - 2018-09-18 16:20 - 001615704 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-07-27 19:07 - 2018-07-27 19:07 - 001910104 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-07-27 19:08 - 2018-07-27 19:08 - 000422744 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-07-27 19:07 - 2018-07-27 19:07 - 000145240 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-07-27 19:07 - 2018-07-27 19:07 - 000512856 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-07-27 19:07 - 2018-08-15 05:04 - 001641304 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-07-27 19:07 - 2018-09-22 21:55 - 001743704 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-07-27 19:07 - 2018-07-27 19:07 - 002722648 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-08-15 13:21 - 2018-09-20 20:05 - 001257816 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
2018-08-15 13:21 - 2018-09-22 21:55 - 021795672 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
2018-07-27 19:10 - 2018-07-27 19:10 - 002760536 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-07-27 19:10 - 2018-07-27 19:10 - 001249112 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
2018-07-27 19:07 - 2018-09-18 06:12 - 001657176 _____ () \\?\C:\Users\koski\AppData\Roaming\discord\0.0.301\modules\discord_hook\discord_hook.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 02:38 - 2018-04-12 02:36 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3490DB80-0ED5-4976-938C-4A132FBA98E9}] => (Allow) F:\DriverEasy\DriverEasy.exe
FirewallRules: [{56C808DF-93C5-47A3-BCA1-A3461E2EC012}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{26EBF5D3-AB75-427A-BC93-73732D807F05}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA67D501-81AF-4356-A318-013D8BE3A0E8}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{66FA1575-192A-4FBA-9202-A72A8047C99A}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{67C1BCED-1191-442F-92DD-3BA7C2AD749E}C:\users\koski\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\koski\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{20546C38-7FE4-4BA4-A16A-C5E722938437}C:\users\koski\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\koski\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5043D64B-1DCA-4425-80F8-4FC7F0A054A2}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Block) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe
FirewallRules: [UDP Query User{24E67568-C076-49EA-A4ED-9CF93E0109C0}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Block) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe
FirewallRules: [{C9FF9F0A-E948-4FBF-9334-647D35372863}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{14939C0E-AF85-4B39-B542-5167F50E3671}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{ED280F84-6CAB-4756-94B6-124C667743E8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{CD1AF9D2-A6CB-42E1-8798-A88189377082}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{A959B41B-7DD5-45A6-B9B4-BA7490CCB6F1}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1042ED68-5AB9-442C-BC11-E42A827B8E25}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6025E52C-E22A-4225-BACC-11B35DF20B17}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{542EADFC-FDF5-48CF-ADC5-566173602150}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{1FAA7795-AC12-4AA3-81C3-E265F97C9E71}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{0C37D6CF-DEFE-47BF-ACA1-C4617E1F008E}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{F3B82B7F-7FB6-4895-A233-6B12AE30AE3E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{044E8387-1A0E-4A22-8CA2-3F569DF8A8C1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{6338DDAD-7625-43BC-8CD2-D27B9EBD30D7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E54F0FB-D667-468D-8DE6-91768D44D010}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E3894704-CFFA-4985-A07B-C0DE27A3F445}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5F7E3046-3613-4E36-8762-14697D1BF20C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{DA4FEBD0-DA49-4DC0-91E1-BE410F0834A5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{5B8D307C-3AE5-4BB7-B6CD-8B9931D5AD37}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{5C634B3A-4786-43C9-AF6D-F0FD1A516C0F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{3E981A09-D589-45DE-AC96-620AAC32F998}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{12380D05-3191-4378-B0E8-125981725E19}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{B432F7C3-40BC-41B0-9D78-4A1A0EB3D244}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{5B936EFB-135E-428F-82AE-DD242C03A7D0}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{E2A1C203-ADB5-458D-8071-52C917CAC83B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{865D5378-A4E0-4534-AB1A-A987E9D3A851}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{4A2CA21D-3AA7-430E-9733-37AA09647D0F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{F10D0FDD-08EC-4134-AEEE-B0E71355E1C2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{64334E65-87D1-49ED-9DA3-867B49E6D016}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{99D2903A-89F9-4E01-9EC1-13CA3B697288}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{DBAF5DF6-ABC5-4768-B251-F7D730800BD8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{EED5731A-78B4-4E89-B052-51AB03C6ABC7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe
FirewallRules: [{4283B819-8E20-4FCC-A2C1-F08683BB5364}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe
FirewallRules: [{90C907EB-256C-4A51-BBC8-A653C95E416C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{0B2EED04-F34C-45AC-BC5D-A2D7CE1ABDC7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{B0D460DD-0A16-40C3-A162-ADED70AD7B3D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2C8B6DF6-D66C-4B94-8D65-1F09F24F1F5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A638CC10-66E4-4BE2-99B4-EB72F4C895FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D3624E6A-52DB-4636-A901-6C06C6E76A37}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C5A6A4BC-2F38-4367-AD32-63BB64832DDC}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{25D91854-69F5-4A56-BE60-FB9BDDFC83A9}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{20813A99-3377-40A6-A22F-31919C06B0E0}] => (Allow) G:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{08F60C0A-4CBF-4EB0-84D0-C56FD884C89C}] => (Allow) G:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{97EF8A8B-8F5F-4C5A-927B-14FADC0AE048}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{2F99A07C-BC28-4942-BA34-E385B39243EA}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{3EE81D54-4EBD-44E7-BDFA-39746E7A637F}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{56A674E4-3DAA-41B6-889C-7934F68876B9}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [TCP Query User{BCD17D0D-B70E-4B59-AA35-8D7B79DA1A8D}G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{124E042E-57E2-4929-B433-7B27ADC815E1}G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{D855CCA3-12A9-490D-AF21-F0F6A5E2F2DB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DEEFE46E-56AD-4E8A-B843-98DFC7F15E50}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3997C056-9B6A-4965-96CA-E2265DAA579F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1066E6E-59E9-4102-9982-2E0A5FEC319F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EF58033E-0589-4C28-8C17-AF463F8C50B2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{AE1841B4-0D46-463F-A1FB-78810545A98B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{39A9001E-EB3C-4B22-B33F-1747617BA5EA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{4AC12139-49EF-4AB2-A191-AD7CB41E76A2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{ABF709C9-1854-4195-8186-8053A23EC8F1}G:\paskaa\mw2\iw4x.exe] => (Block) G:\paskaa\mw2\iw4x.exe
FirewallRules: [UDP Query User{DDD9F7D9-7A6A-4E2B-A6C5-598D5B082E1D}G:\paskaa\mw2\iw4x.exe] => (Block) G:\paskaa\mw2\iw4x.exe
FirewallRules: [{D4D2937F-EFF7-4BE3-901E-83D689934320}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{E8529C48-A074-43EE-841B-538B3ADE2BE0}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{8CCC23DA-64A2-4A3F-AE61-6DDB6A03EC3F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6C6C7FAA-1E5B-49A7-9FCF-BEB232CA1894}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{493FAFBA-9750-4510-9C62-13B52C9D3E83}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{EF066732-7235-4240-826C-C07848247924}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{CB831897-5357-461A-9CAA-6363F43E0D88}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{CACACC39-514E-4C1E-8889-B8E3DA451A34}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{1BCF6C89-9EEE-4F34-B1DE-3DAA4801D324}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dungeons 3\Dungeons3.exe
FirewallRules: [{13786870-7FE7-45A5-A1A1-AD17144A3EA2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dungeons 3\Dungeons3.exe
FirewallRules: [TCP Query User{C31BB922-018E-4F27-BFB9-C4FDEACE26A0}G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe] => (Block) G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe
FirewallRules: [UDP Query User{E8EA3D1F-8BB0-44C0-833F-452D0854F4FE}G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe] => (Block) G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe
FirewallRules: [{1603B1EE-B344-46A4-83B7-0A8A4A525C09}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F0C18E4E-7F65-45C0-B88C-BB00C094A8C6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{776039EE-5517-4E49-BC18-774674CE747B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{63859CAE-D08A-410A-8E0D-C74684D3111F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-09-2018 19:49:46 Scheduled Checkpoint
18-09-2018 04:23:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: ASUS Bluetooth
Description: ASUS Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2018 10:43:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 166c

Start Time: 01d452a632f179f2

Termination Time: 4294967295

Application Path: G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: babd2bf6-f396-4fb8-8405-850e5d187520

Faulting package full name:

Faulting package-relative application ID:

Error: (09/22/2018 09:58:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 27a0

Start Time: 01d452a5f0b7421f

Termination Time: 4294967295

Application Path: G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: e65a723c-090e-49ec-bb81-0f2eb51c6597

Faulting package full name:

Faulting package-relative application ID:

Error: (09/22/2018 02:26:35 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/21/2018 04:40:43 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/20/2018 08:04:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UsoSvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: wuaueng.dll, version: 10.0.17134.254, time stamp: 0x71b9dec4
Exception code: 0xc0000005
Fault offset: 0x000000000011277f
Faulting process ID: 0x17dc
Faulting application start time: 0x01d44efd5c6c687e
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wuaueng.dll
Report ID: 0d3813c5-a55e-46b3-b96e-8b067a719798
Faulting package full name:
Faulting package-relative application ID:

Error: (09/20/2018 07:16:15 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/19/2018 02:55:49 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/18/2018 03:37:46 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (09/22/2018 10:43:39 PM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/22/2018 10:24:59 PM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (09/22/2018 09:59:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 1 time(s).

Error: (09/22/2018 09:57:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/22/2018 09:55:39 PM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/22/2018 09:55:29 PM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/22/2018 09:55:28 PM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/22/2018 09:55:28 PM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-08-21 16:03:32.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2018-07-27 14:51:35.753
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1530012511\fshook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-27 14:51:35.429
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1530012511\fshook64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 16360.93 MB
Available physical RAM: 9747.38 MB
Total Virtual: 21736.93 MB
Available Virtual: 12810.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:161.28 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Programs) (Fixed) (Total:390.62 GB) (Free:389.19 GB) NTFS
Drive g: (Games) (Fixed) (Total:976.56 GB) (Free:525.24 GB) NTFS
Drive h: (Game I) (Fixed) (Total:117.19 GB) (Free:0.45 GB) NTFS
Drive I: (Storage) (Fixed) (Total:390.62 GB) (Free:389.62 GB) NTFS
Drive j: (Game II) (Fixed) (Total:111.33 GB) (Free:2.17 GB) NTFS
Drive k: (Music) (Fixed) (Total:195.31 GB) (Free:7.05 GB) NTFS
Drive l: (Storage) (Fixed) (Total:286.88 GB) (Free:1.7 GB) NTFS
Drive m: () (Fixed) (Total:97.66 GB) (Free:10.43 GB) NTFS
Drive n: (Programs) (Fixed) (Total:107.42 GB) (Free:0.7 GB) NTFS

\\?\Volume{a5068a64-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A3C2E41C)
Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A5068A64)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AE1ACD8A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=716.6 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : koski [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/23/2018 03:43:41 (Duration : 00:18:08)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Ewok_ON_M_2A15\Software\YahooPartnerToolbar -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\RK_Ewok_ON_M_2A15\Software\YahooPartnerToolbar -> Not selected
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_Raija_ON_M_A453\Software\Conduit -> Not selected
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_Raija_ON_M_A453\Software\Conduit -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_M_919B\ControlSet001\Services\atillk64 (\??\E:\Users\Ewok\AppData\Local\Temp\ati_winflash_2.0.1.18\atillk64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_M_919B\ControlSet001\Services\vhclient ("E:\SteamLibrary\steamapps\common\VirtualHereforSteamLink\vhui64.exe" -s --config="C:\Users\Ewok\AppData\Roaming\vhui.ini") -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_M_919B\ControlSet001\Services\X6va005 (\??\C:\Users\Ewok\AppData\Local\Temp\0055EC3.tmp) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_M_919B\ControlSet002\Services\atillk64 (\??\E:\Users\Ewok\AppData\Local\Temp\ati_winflash_2.0.1.18\atillk64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_M_919B\ControlSet002\Services\vhclient ("E:\SteamLibrary\steamapps\common\VirtualHereforSteamLink\vhui64.exe" -s --config="C:\Users\Ewok\AppData\Roaming\vhui.ini") -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_M_919B\ControlSet002\Services\X6va005 (\??\C:\Users\Ewok\AppData\Local\Temp\0055EC3.tmp) -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Ewok_ON_M_2A15\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Ewok_ON_M_2A15\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Raija_ON_M_A453\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Raija_ON_M_A453\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Y2Go][Folder] C:\Users\koski\AppData\Local\OneDrive -> Deleted
[PUP.Y2Go][Folder] C:\Users\koski\AppData\Local\OneDrive\cache\qmlcache -> Deleted
[PUP.Y2Go][Folder] C:\Users\koski\AppData\Local\OneDrive\cache -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20PURX-64P6ZY0 +++++
--- User ---
[MBR] e7e1d42411c01c9f6bf9a495efa46608
[BSP] f6201df36ec5249090dc879a11b35b75 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 400000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2867202048 | Size: 400000 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] e7e1d42411c01c9f6bf9a495efa46608
[BSP] f6201df36ec5249090dc879a11b35b75 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 400000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2867202048 | Size: 400000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] e7e1d42411c01c9f6bf9a495efa46608
[BSP] f6201df36ec5249090dc879a11b35b75 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 400000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2867202048 | Size: 400000 MB[Invalid]

+++++ PhysicalDrive1: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] f9524e8ed343f4025fbad223b1344dc7
[BSP] ef6d250fe52853eb7b39168df5da80cc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 549 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1126400 | Size: 237924 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EALX-009BA0 +++++
--- User ---
[MBR] 7e9f9358e2cbf5e0d3824c8bf2f5952b
[BSP] a627202a5a011755c9c1bb7ba9bff0c3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 205006848 | Size: 110000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 450766848 | Size: 733767 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 23/09/2018
Scan Time: 04:14
Log File: 161181da-bece-11e8-aaea-f46d041e5452.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.6963
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.286)
CPU: x64
File System: NTFS
User: PREDATOR\koski

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 281201
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build: 08-30-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-23-2018
# Duration: 00:00:09
# OS: Windows 10 Pro
# Scanned: 41930
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by koski (administrator) on PREDATOR (23-09-2018 04:25:11)
Running from C:\Users\koski\Desktop
Loaded Profiles: koski (Available Profiles: koski)
Platform: Windows 10 Pro Version 1803 17134.286 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Registry
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atiesrxx.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsorsp64.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fshoster64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Electronic Arts) G:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
() C:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\Temperature.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18081.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2018-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2018-07-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [137464 2018-07-02] (Intel)
HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Run: [Steam] => g:\Program Files (x86)\Steam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Run: [Spotify] => C:\Users\koski\AppData\Roaming\Spotify\Spotify.exe [25061776 2018-09-20] (Spotify Ltd)
HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Run: [Discord] => C:\Users\koski\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2018-07-27]
ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (ROCCAT)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-07-27]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2aa6622e-c882-4ce5-81cf-27cf6d6cca7c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-09-18] (Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https64.dll [2018-09-18] (F-Secure Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-09-18] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https.dll [2018-09-18] (F-Secure Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6348j8cm.default
FF ProfilePath: C:\Users\koski\AppData\Roaming\Mozilla\Firefox\Profiles\6348j8cm.default [2018-08-23]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-08-07] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-09-18]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-27] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default [2018-09-23]
CHR Extension: (Slides) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-27]
CHR Extension: (Docs) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-27]
CHR Extension: (Google Drive) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-27]
CHR Extension: (YouTube) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-27]
CHR Extension: (Sheets) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-27]
CHR Extension: (Gmail) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atiesrxx.exe [496008 2018-08-03] (AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2018-07-27] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-07-27] () [File not signed]
S3 BcastDVRUserService; C:\Windows\System32\BcastDVRUserService.dll [1364992 2018-09-15] (Microsoft Corporation)
S3 BcastDVRUserService_4c0de; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BcastDVRUserService_4c0de; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7212480 2018-08-10] ()
S3 BluetoothUserService; C:\Windows\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-04-12] (Microsoft Corporation)
S3 BluetoothUserService_4c0de; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_4c0de; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BTAGService; C:\Windows\System32\BTAGService.dll [514048 2018-04-12] (Microsoft Corporation)
S3 BthAvctpSvc; C:\Windows\System32\BthAvctpSvc.dll [395264 2018-04-12] (Microsoft Corporation)
S3 CaptureService; C:\Windows\System32\CaptureService.dll [125952 2018-04-12] (Microsoft Corporation)
S3 CaptureService_4c0de; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_4c0de; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\System32\Windows.Devices.Picker.dll [400896 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\SysWOW64\Windows.Devices.Picker.dll [312832 2018-04-12] (Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2018-07-02] (Intel)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2018-07-27] (DTS)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2018-07-28] (EasyAntiCheat Ltd)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2018-04-06] ()
R2 fshoster; C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe [213472 2018-05-08] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\AntiVirus\fshoster32.exe [213472 2018-05-08] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fshoster64.exe [581160 2018-09-18] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsorsp64.exe [78304 2018-09-18] (F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe [581160 2018-09-18] (F-Secure Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S3 LxpSvc; C:\Windows\System32\LanguageOverlayServer.dll [199680 2018-04-12] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 Origin Client Service; G:\Program Files (x86)\Origin\OriginClientService.exe [2205504 2018-07-29] (Electronic Arts)
R2 Origin Web Helper Service; G:\Program Files (x86)\Origin\OriginWebHelperService.exe [3075400 2018-07-29] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2018-07-29] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
R2 SgrmBroker; C:\Windows\system32\SgrmBroker.exe [163336 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [185064 2018-04-06] ()
S4 tzautoupdate; C:\Windows\SysWOW64\tzautoupdate.dll [72192 2018-04-12] (Microsoft Corporation)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2018-04-06] ()
S3 VacSvc; C:\Windows\System32\vac.dll [411256 2018-04-12] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\Windows\System32\WaaSMedicSvc.dll [392704 2018-08-09] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)
S3 wisvc; C:\Windows\SysWOW64\flightsettings.dll [729088 2018-06-19] (Microsoft Corporation)
S3 WpcMonSvc; C:\Windows\System32\WpcDesktopMonSvc.dll [1456640 2018-06-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 afunix; C:\Windows\system32\drivers\afunix.sys [39424 2018-04-12] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-04-12] (Microsoft Corporation)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atikmdag.sys [46783368 2018-08-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0331834.inf_amd64_598c38be6d6a3fce\B331820\atikmpag.sys [578440 2018-08-03] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-07-27] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107496 2018-07-17] (Advanced Micro Devices)
S3 bindflt; C:\Windows\system32\drivers\bindflt.sys [92056 2018-04-12] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fsulgk.sys [251728 2018-09-18] (F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\fshs.sys [112312 2018-09-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [65872 2018-08-09] ()
S0 fselms; C:\Windows\System32\drivers\fselms.sys [15360 2018-09-18] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\nif\1537173264\fsni64.sys [112456 2018-09-18] (F-Secure Corporation)
S4 hvcrash; C:\Windows\System32\drivers\hvcrash.sys [33184 2018-04-12] (Microsoft Corporation)
S0 iaStorAVC; C:\Windows\System32\drivers\iaStorAVC.sys [885144 2018-04-12] (Intel Corporation)
S0 ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [145816 2018-04-12] (Avago Technologies)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-09-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [58400 2018-09-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-09-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [110424 2018-09-23] (Malwarebytes)
S0 megasas35i; C:\Windows\System32\drivers\megasas35i.sys [82328 2018-04-12] (Avago Technologies)
S3 nvdimm; C:\Windows\System32\drivers\nvdimm.sys [104448 2018-04-12] (Microsoft Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-04-06] ()
R0 SgrmAgent; C:\Windows\System32\drivers\SgrmAgent.sys [63896 2018-04-12] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46896 2018-04-23] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\Windows\System32\drivers\WdmCompanionFilter.sys [21408 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 cpuz140; \??\C:\Users\koski\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-09-23 04:18 - 2018-09-23 04:18 - 000000000 ____D C:\AdwCleaner
2018-09-23 04:15 - 2018-09-23 04:15 - 000001225 _____ C:\Users\koski\Desktop\Malwarebytes.txt
2018-09-23 04:12 - 2018-09-23 04:13 - 000110424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-09-23 04:12 - 2018-09-23 04:12 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-23 04:12 - 2018-09-23 04:12 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-23 04:12 - 2018-09-23 04:12 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-09-23 04:12 - 2018-09-23 04:12 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-09-23 04:12 - 2018-09-23 04:12 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-23 04:12 - 2018-09-23 04:12 - 000000000 ____D C:\Users\koski\AppData\Local\mbamtray
2018-09-23 04:12 - 2018-09-23 04:12 - 000000000 ____D C:\Users\koski\AppData\Local\mbam
2018-09-23 04:12 - 2018-09-23 04:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-23 04:12 - 2018-09-23 04:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-23 04:12 - 2018-09-23 04:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-23 04:12 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-23 04:09 - 2018-09-23 04:09 - 000012382 _____ C:\Users\koski\Desktop\rk_8CEF.tmp.txt
2018-09-23 03:43 - 2018-09-23 03:43 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-09-23 03:42 - 2018-09-23 04:11 - 000000000 ____D C:\ProgramData\RogueKiller
2018-09-23 03:42 - 2018-09-23 03:42 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-09-23 03:42 - 2018-09-23 03:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-09-23 03:42 - 2018-09-23 03:42 - 000000000 ____D C:\Program Files\RogueKiller
2018-09-23 03:38 - 2018-09-23 03:39 - 007567568 _____ (Malwarebytes) C:\Users\koski\Desktop\AdwCleaner.exe
2018-09-23 03:32 - 2018-09-23 03:32 - 080191832 _____ (Malwarebytes ) C:\Users\koski\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.6957.exe
2018-09-23 03:30 - 2018-09-23 03:30 - 036868304 _____ (Adlice Software ) C:\Users\koski\Desktop\RogueKiller_setup_ref3.exe
2018-09-22 23:23 - 2018-09-22 23:23 - 000057536 _____ C:\Users\koski\Desktop\Addition.txt
2018-09-22 23:22 - 2018-09-23 04:25 - 000021693 _____ C:\Users\koski\Desktop\FRST.txt
2018-09-22 23:21 - 2018-09-23 04:25 - 000000000 ____D C:\FRST
2018-09-22 23:21 - 2018-09-22 23:21 - 002404864 _____ (Farbar) C:\Users\koski\Desktop\FRST64.exe
2018-09-21 16:38 - 2018-09-21 16:38 - 000000000 ___HD C:\OneDriveTemp
2018-09-18 16:20 - 2018-09-05 01:36 - 001476904 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2018-09-18 04:39 - 2018-09-18 04:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-09-18 04:38 - 2018-09-18 04:38 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-18 04:38 - 2018-09-18 04:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-09-18 04:26 - 2018-09-15 11:46 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-18 04:26 - 2018-09-15 05:51 - 001220920 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-09-18 04:26 - 2018-09-15 05:50 - 001029432 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-09-18 04:26 - 2018-09-15 05:49 - 009090064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-18 04:26 - 2018-09-15 05:48 - 000885968 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-09-18 04:26 - 2018-09-15 05:33 - 001129760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-09-18 04:26 - 2018-09-15 05:33 - 000567280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-09-18 04:26 - 2018-09-15 05:19 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-09-18 04:26 - 2018-09-15 05:17 - 007577088 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-09-18 04:26 - 2018-09-15 05:16 - 005777920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-09-18 04:26 - 2018-08-31 10:22 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-18 04:26 - 2018-08-31 09:55 - 001455960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-09-18 04:26 - 2018-08-31 09:37 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-18 04:26 - 2018-08-31 06:42 - 007436192 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-09-18 04:26 - 2018-08-31 06:42 - 000604640 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-09-18 04:26 - 2018-08-31 06:28 - 006043680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-09-18 04:26 - 2018-08-31 06:28 - 001989496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-18 04:26 - 2018-08-31 06:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-09-18 04:26 - 2018-08-31 06:15 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-18 04:26 - 2018-08-31 06:14 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-09-18 04:26 - 2018-08-31 06:14 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-18 04:26 - 2018-08-31 06:13 - 000402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-18 04:26 - 2018-08-31 06:11 - 001804288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-18 04:26 - 2018-08-31 06:10 - 003711488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-18 04:26 - 2018-08-31 06:10 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-18 04:26 - 2018-08-31 06:07 - 001627648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-18 04:26 - 2018-08-09 12:32 - 004527680 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2018-09-18 04:26 - 2018-08-09 12:14 - 012709376 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-18 04:26 - 2018-08-09 12:12 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-18 04:26 - 2018-08-09 12:11 - 003652608 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-09-18 04:26 - 2018-08-09 12:10 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-18 04:26 - 2018-08-09 11:24 - 011901952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-18 04:26 - 2018-08-09 11:22 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-18 04:26 - 2018-08-09 11:21 - 002894848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-09-18 04:26 - 2018-08-09 11:21 - 002016768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-18 04:26 - 2018-08-09 11:20 - 002401792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2018-09-18 04:26 - 2018-08-09 07:54 - 000709824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-09-18 04:26 - 2018-08-09 07:54 - 000170912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-18 04:26 - 2018-08-09 07:53 - 002765440 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-18 04:26 - 2018-08-09 07:53 - 001026456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-09-18 04:26 - 2018-08-09 07:29 - 002253584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-18 04:26 - 2018-08-09 07:26 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2018-09-18 04:26 - 2018-08-09 07:24 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-09-18 04:26 - 2018-08-09 07:24 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-18 04:26 - 2018-08-09 07:23 - 002904064 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-09-18 04:26 - 2018-08-09 07:23 - 002172928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-09-18 04:26 - 2018-08-09 07:23 - 000916992 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-09-18 04:26 - 2018-08-09 07:22 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-09-18 04:26 - 2018-08-09 07:11 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-09-18 04:26 - 2018-08-09 07:10 - 000835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-09-18 04:26 - 2018-08-09 07:09 - 004191232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-18 04:26 - 2018-08-09 07:09 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-18 04:25 - 2018-09-15 11:32 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2018-09-18 04:25 - 2018-09-15 11:31 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-09-18 04:25 - 2018-09-15 11:31 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2018-09-18 04:25 - 2018-09-15 05:50 - 000567080 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-09-18 04:25 - 2018-09-15 05:50 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-09-18 04:25 - 2018-09-15 05:49 - 007519896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-09-18 04:25 - 2018-09-15 05:49 - 001097760 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-09-18 04:25 - 2018-09-15 05:48 - 000713504 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-09-18 04:25 - 2018-09-15 05:33 - 006567984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-18 04:25 - 2018-09-15 05:33 - 000357064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-09-18 04:25 - 2018-09-15 05:19 - 004382720 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-09-18 04:25 - 2018-08-31 10:42 - 001636232 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-09-18 04:25 - 2018-08-31 06:44 - 001064744 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-09-18 04:25 - 2018-08-31 06:43 - 000722880 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-09-18 04:25 - 2018-08-31 06:42 - 002824672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-09-18 04:25 - 2018-08-31 06:42 - 002461312 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-18 04:25 - 2018-08-31 06:42 - 001458552 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-09-18 04:25 - 2018-08-31 06:42 - 001258352 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-09-18 04:25 - 2018-08-31 06:42 - 001142000 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-09-18 04:25 - 2018-08-31 06:42 - 000983080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-09-18 04:25 - 2018-08-31 06:26 - 025847808 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-09-18 04:25 - 2018-08-31 06:21 - 022008320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-09-18 04:25 - 2018-08-31 06:20 - 022715904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-18 04:25 - 2018-08-31 06:18 - 008189440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-09-18 04:25 - 2018-08-31 06:17 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-09-18 04:25 - 2018-08-31 06:16 - 019404288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-18 04:25 - 2018-08-31 06:15 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-09-18 04:25 - 2018-08-31 06:15 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-09-18 04:25 - 2018-08-31 06:14 - 002700288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-09-18 04:25 - 2018-08-31 06:14 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-09-18 04:25 - 2018-08-31 06:13 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2018-09-18 04:25 - 2018-08-31 06:11 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-09-18 04:25 - 2018-08-31 06:11 - 001854976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-09-18 04:25 - 2018-08-31 06:11 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-09-18 04:25 - 2018-08-31 06:10 - 001375744 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-09-18 04:25 - 2018-08-31 06:10 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-09-18 04:25 - 2018-08-31 06:10 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-09-18 04:25 - 2018-08-31 06:09 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-09-18 04:25 - 2018-08-31 06:08 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-09-18 04:25 - 2018-08-28 10:17 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-09-18 04:25 - 2018-08-28 09:56 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2018-09-18 04:25 - 2018-08-28 09:49 - 000677376 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-09-18 04:25 - 2018-08-28 09:48 - 001274368 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2018-09-18 04:25 - 2018-08-28 08:51 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-18 04:25 - 2018-08-09 12:37 - 002267944 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2018-09-18 04:25 - 2018-08-09 12:31 - 001617728 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2018-09-18 04:25 - 2018-08-09 12:31 - 000766872 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2018-09-18 04:25 - 2018-08-09 12:13 - 000340992 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2018-09-18 04:25 - 2018-08-09 11:38 - 001538976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2018-09-18 04:25 - 2018-08-09 08:02 - 001035144 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-09-18 04:25 - 2018-08-09 07:53 - 001947720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-18 04:25 - 2018-08-09 07:53 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2018-09-18 04:25 - 2018-08-09 07:29 - 001620880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-18 04:25 - 2018-08-09 07:28 - 003395072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-09-18 04:25 - 2018-08-09 07:25 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-09-18 04:25 - 2018-08-09 07:23 - 003148288 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2018-09-18 04:25 - 2018-08-09 07:22 - 004615680 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-18 04:25 - 2018-08-09 07:22 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-18 04:25 - 2018-08-09 07:21 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-09-18 04:25 - 2018-08-09 07:11 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-09-18 04:25 - 2018-08-09 07:10 - 002893824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2018-09-18 04:25 - 2018-08-09 07:10 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-09-18 04:24 - 2018-09-15 11:32 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-18 04:24 - 2018-09-15 05:57 - 000272408 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-09-18 04:24 - 2018-09-15 05:56 - 000269320 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-09-18 04:24 - 2018-09-15 05:51 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2018-09-18 04:24 - 2018-09-15 05:33 - 000581808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-09-18 04:24 - 2018-09-15 05:20 - 001627136 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2018-09-18 04:24 - 2018-09-15 03:59 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-09-18 04:24 - 2018-08-31 10:46 - 000542504 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-09-18 04:24 - 2018-08-31 10:45 - 000348328 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2018-09-18 04:24 - 2018-08-31 10:43 - 001524152 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2018-09-18 04:24 - 2018-08-31 10:27 - 000178176 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-18 04:24 - 2018-08-31 10:27 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-18 04:24 - 2018-08-31 10:26 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-18 04:24 - 2018-08-31 10:25 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2018-09-18 04:24 - 2018-08-31 10:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-18 04:24 - 2018-08-31 10:24 - 001127936 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2018-09-18 04:24 - 2018-08-31 10:24 - 000482304 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-18 04:24 - 2018-08-31 10:23 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2018-09-18 04:24 - 2018-08-31 10:22 - 001661440 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-09-18 04:24 - 2018-08-31 09:53 - 001327504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2018-09-18 04:24 - 2018-08-31 09:41 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-18 04:24 - 2018-08-31 09:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-18 04:24 - 2018-08-31 09:40 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2018-09-18 04:24 - 2018-08-31 09:37 - 000622080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2018-09-18 04:24 - 2018-08-31 09:36 - 001469952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-09-18 04:24 - 2018-08-31 06:43 - 002719216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-18 04:24 - 2018-08-31 06:42 - 001767064 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-18 04:24 - 2018-08-31 06:42 - 000632296 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2018-09-18 04:24 - 2018-08-31 06:42 - 000527328 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-18 04:24 - 2018-08-31 06:42 - 000155112 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-18 04:24 - 2018-08-31 06:28 - 001514352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-18 04:24 - 2018-08-31 06:28 - 000453104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2018-09-18 04:24 - 2018-08-31 06:28 - 000134936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-18 04:24 - 2018-08-31 06:17 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-18 04:24 - 2018-08-31 06:15 - 000395776 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-18 04:24 - 2018-08-31 06:15 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-18 04:24 - 2018-08-31 06:13 - 002738688 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-09-18 04:24 - 2018-08-31 06:12 - 000736256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-09-18 04:24 - 2018-08-31 06:12 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-18 04:24 - 2018-08-31 06:11 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-09-18 04:24 - 2018-08-31 06:11 - 000796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-09-18 04:24 - 2018-08-31 06:11 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-09-18 04:24 - 2018-08-31 06:10 - 000889344 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-18 04:24 - 2018-08-31 06:10 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-18 04:24 - 2018-08-31 06:10 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-09-18 04:24 - 2018-08-31 06:09 - 002258944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-09-18 04:24 - 2018-08-31 06:07 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-09-18 04:24 - 2018-08-31 06:07 - 000735744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-09-18 04:24 - 2018-08-31 06:06 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-09-18 04:24 - 2018-08-28 09:45 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2018-09-18 04:24 - 2018-08-14 05:14 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-18 04:24 - 2018-08-14 05:14 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-18 04:24 - 2018-08-09 12:31 - 000253544 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2018-09-18 04:24 - 2018-08-09 12:31 - 000236624 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2018-09-18 04:24 - 2018-08-09 12:17 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2018-09-18 04:24 - 2018-08-09 12:14 - 000466944 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2018-09-18 04:24 - 2018-08-09 12:14 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollUI.dll
2018-09-18 04:24 - 2018-08-09 12:14 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2018-09-18 04:24 - 2018-08-09 12:13 - 000521216 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2018-09-18 04:24 - 2018-08-09 12:13 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe
2018-09-18 04:24 - 2018-08-09 12:13 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\TtlsExt.dll
2018-09-18 04:24 - 2018-08-09 12:12 - 001787392 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2018-09-18 04:24 - 2018-08-09 12:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-18 04:24 - 2018-08-09 12:11 - 002051584 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2018-09-18 04:24 - 2018-08-09 12:11 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2018-09-18 04:24 - 2018-08-09 12:11 - 000615424 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2018-09-18 04:24 - 2018-08-09 12:11 - 000181248 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeHelper.dll
2018-09-18 04:24 - 2018-08-09 12:10 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2018-09-18 04:24 - 2018-08-09 12:10 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-09-18 04:24 - 2018-08-09 12:09 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\dinput8.dll
2018-09-18 04:24 - 2018-08-09 12:09 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\dinput.dll
2018-09-18 04:24 - 2018-08-09 12:09 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2018-09-18 04:24 - 2018-08-09 12:09 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\PackageInspector.exe
2018-09-18 04:24 - 2018-08-09 11:36 - 000660896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2018-09-18 04:24 - 2018-08-09 11:36 - 000221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-18 04:24 - 2018-08-09 11:24 - 000131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2018-09-18 04:24 - 2018-08-09 11:23 - 001308160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2018-09-18 04:24 - 2018-08-09 11:23 - 000291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollUI.dll
2018-09-18 04:24 - 2018-08-09 11:22 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2018-09-18 04:24 - 2018-08-09 11:22 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2018-09-18 04:24 - 2018-08-09 11:22 - 000429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certreq.exe
2018-09-18 04:24 - 2018-08-09 11:21 - 001274368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-09-18 04:24 - 2018-08-09 11:21 - 000775168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2018-09-18 04:24 - 2018-08-09 11:20 - 000423424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2018-09-18 04:24 - 2018-08-09 11:20 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2018-09-18 04:24 - 2018-08-09 11:20 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput.dll
2018-09-18 04:24 - 2018-08-09 11:19 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2018-09-18 04:24 - 2018-08-09 08:01 - 000777400 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2018-09-18 04:24 - 2018-08-09 07:55 - 000230304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2018-09-18 04:24 - 2018-08-09 07:54 - 001019016 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-09-18 04:24 - 2018-08-09 07:54 - 000375704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-09-18 04:24 - 2018-08-09 07:54 - 000203568 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2018-09-18 04:24 - 2018-08-09 07:53 - 000932136 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2018-09-18 04:24 - 2018-08-09 07:53 - 000482480 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-09-18 04:24 - 2018-08-09 07:53 - 000125600 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2018-09-18 04:24 - 2018-08-09 07:30 - 000829856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-09-18 04:24 - 2018-08-09 07:30 - 000183992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2018-09-18 04:24 - 2018-08-09 07:29 - 001174552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-09-18 04:24 - 2018-08-09 07:29 - 000099208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2018-09-18 04:24 - 2018-08-09 07:28 - 001589248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-09-18 04:24 - 2018-08-09 07:27 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-09-18 04:24 - 2018-08-09 07:27 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\eShims.dll
2018-09-18 04:24 - 2018-08-09 07:27 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe
2018-09-18 04:24 - 2018-08-09 07:26 - 000990720 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-09-18 04:24 - 2018-08-09 07:26 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-18 04:24 - 2018-08-09 07:26 - 000528384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-09-18 04:24 - 2018-08-09 07:26 - 000319488 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-09-18 04:24 - 2018-08-09 07:26 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\TtlsAuth.dll
2018-09-18 04:24 - 2018-08-09 07:26 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\TtlsCfg.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000797184 _____ (Microsoft Corporation) C:\Windows\system32\certca.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2018-09-18 04:24 - 2018-08-09 07:25 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2018-09-18 04:24 - 2018-08-09 07:22 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-09-18 04:24 - 2018-08-09 07:13 - 001189376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-09-18 04:24 - 2018-08-09 07:13 - 000042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2018-09-18 04:24 - 2018-08-09 07:12 - 000652288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certca.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsAuth.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsCfg.dll
2018-09-18 04:24 - 2018-08-09 07:11 - 000122368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2018-09-18 04:24 - 2018-08-09 07:08 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-09-18 04:24 - 2018-08-09 06:08 - 000806416 _____ C:\Windows\SysWOW64\locale.nls
2018-09-18 04:24 - 2018-08-09 06:08 - 000806416 _____ C:\Windows\system32\locale.nls
2018-09-18 04:13 - 2018-09-18 04:10 - 000015360 _____ (F-Secure Corporation) C:\Windows\system32\Drivers\fselms.sys
2018-09-08 17:34 - 2018-09-08 17:34 - 000000000 ____D C:\Users\koski\AppData\Roaming\Kalypso Media
2018-09-08 17:33 - 2018-09-08 17:33 - 000000000 ____D C:\Users\koski\AppData\LocalLow\Realmforge Studios GmbH
2018-09-08 17:33 - 2018-09-08 17:33 - 000000000 ____D C:\Users\koski\AppData\Local\Kalypso Media
2018-08-26 18:41 - 2018-08-26 18:41 - 000675984 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000386712 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000343192 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000089248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000031896 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll
2018-08-25 19:12 - 2018-08-25 19:12 - 000000000 ____D C:\Users\koski\AppData\Local\id Software
2018-08-25 19:05 - 2018-08-25 19:06 - 000000000 ____D C:\Users\koski\AppData\Local\PAYDAY 2
2018-08-25 19:05 - 2018-08-25 19:05 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-08-25 19:05 - 2018-08-25 19:05 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-08-25 00:22 - 2018-08-25 00:22 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2018-08-25 00:22 - 2018-08-25 00:22 - 000003074 _____ C:\Windows\System32\Tasks\StartDVR
2018-08-25 00:22 - 2018-08-25 00:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-08-25 00:21 - 2018-08-25 00:21 - 000000000 ____D C:\Program Files (x86)\AMD
2018-08-25 00:15 - 2018-08-25 00:15 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-08-25 00:14 - 2018-08-25 00:15 - 000000000 ____D C:\AMD
2018-08-25 00:14 - 2018-08-25 00:14 - 025555000 _____ (AMD Inc.) C:\Users\koski\Downloads\radeon-software-adrenalin-18.8.1-minimalsetup-180803_64bit.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-23 04:16 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-23 03:25 - 2018-07-27 14:21 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-09-23 00:38 - 2018-07-27 14:29 - 000793764 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-23 00:38 - 2018-04-12 02:36 - 000000000 ____D C:\Windows\INF
2018-09-23 00:32 - 2018-07-27 19:07 - 000000000 ____D C:\Users\koski\AppData\Roaming\discord
2018-09-23 00:32 - 2018-07-27 18:59 - 000000000 ____D C:\Users\koski\AppData\Local\Spotify
2018-09-23 00:32 - 2018-07-27 18:58 - 000000000 ____D C:\Users\koski\AppData\Roaming\Spotify
2018-09-23 00:32 - 2018-07-27 14:38 - 000000000 ___RD C:\Users\koski\OneDrive
2018-09-23 00:32 - 2018-07-27 14:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-22 22:43 - 2018-07-27 18:11 - 000000000 ____D C:\Users\koski\AppData\Local\D3DSCache
2018-09-22 22:10 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-22 22:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\AppReadiness
2018-09-22 21:55 - 2018-07-27 14:30 - 000000000 ____D C:\Users\koski
2018-09-22 00:52 - 2018-07-28 22:50 - 000000000 ____D C:\Users\koski\AppData\Roaming\TS3Client
2018-09-21 16:38 - 2018-07-27 14:39 - 000003364 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4004542635-2087850760-1770400530-1001
2018-09-21 16:38 - 2018-07-27 14:30 - 000002367 _____ C:\Users\koski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-20 20:04 - 2018-07-27 14:26 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-09-20 20:04 - 2018-04-12 00:04 - 000524288 _____ C:\Windows\system32\config\BBI
2018-09-20 00:56 - 2018-07-27 14:44 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-20 00:56 - 2018-07-27 14:44 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-18 16:20 - 2018-04-12 02:30 - 000000000 ____D C:\Windows\CbsTemp
2018-09-18 06:11 - 2018-07-27 14:21 - 000406536 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\zu-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\yo-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\xh-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\wo-SN
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\tn-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ti-ET
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\rw-RW
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\nso-ZA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ig-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2018-09-18 06:10 - 2018-04-12 12:19 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\TextInput
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\SysWOW64\en-GB
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\oobe
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\system32\en-GB
2018-09-18 06:10 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\bcastdvr
2018-09-18 06:10 - 2018-04-12 00:04 - 000000000 ____D C:\Windows\system32\Dism
2018-09-18 04:39 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-09-18 04:37 - 2018-08-13 18:19 - 000000000 ____D C:\Program Files\Microsoft Office
2018-09-18 04:37 - 2018-07-27 15:37 - 000000000 ____D C:\Windows\system32\MRT
2018-09-18 04:34 - 2018-07-27 15:37 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-18 04:23 - 2018-07-27 14:36 - 000000000 ____D C:\Users\koski\AppData\Local\Packages
2018-09-18 04:13 - 2018-04-12 02:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-09-18 04:09 - 2018-07-28 17:10 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-09-06 11:34 - 2018-07-27 18:48 - 000000000 ____D C:\Users\koski\AppData\Local\ElevatedDiagnostics
2018-09-05 02:04 - 2018-04-12 02:41 - 000835144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-05 02:04 - 2018-04-12 02:41 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-26 00:13 - 2018-07-28 15:27 - 000000000 ____D C:\Users\koski\Documents\my games
2018-08-26 00:13 - 2018-04-12 02:33 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2018-08-26 00:13 - 2018-04-12 02:33 - 000024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2018-08-26 00:13 - 2018-04-12 02:33 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2018-08-26 00:13 - 2018-04-12 02:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2018-08-26 00:13 - 2018-04-12 02:33 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2018-08-25 00:22 - 2018-07-27 14:26 - 000000000 ____D C:\Program Files\AMD
2018-08-25 00:18 - 2018-07-27 14:44 - 000000000 ____D C:\Users\koski\AppData\LocalLow\AMD
2018-08-25 00:17 - 2018-07-27 18:09 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-24 22:35 - 2018-04-12 02:38 - 000000000 ____D C:\Windows\LiveKernelReports

Some files in TEMP:
====================
2018-09-21 19:51 - 2018-09-23 00:34 - 000000000 _____ () C:\Users\koski\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-09-21 19:51 - 2018-09-23 00:34 - 000000017 _____ () C:\Users\koski\AppData\Local\Temp\61e6a516043de722da96d425d95f8793.dll
2018-09-23 03:42 - 2018-08-09 07:53 - 001947720 _____ (Microsoft Corporation) C:\Users\koski\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-27 14:21

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by koski (23-09-2018 04:25:42)
Running from C:\Users\koski\Desktop
Windows 10 Pro Version 1803 17134.286 (X64) (2018-07-27 11:23:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4004542635-2087850760-1770400530-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4004542635-2087850760-1770400530-503 - Limited - Disabled)
Guest (S-1-5-21-4004542635-2087850760-1770400530-501 - Limited - Disabled)
koski (S-1-5-21-4004542635-2087850760-1770400530-1001 - Administrator - Enabled) => C:\Users\koski
WDAGUtilityAccount (S-1-5-21-4004542635-2087850760-1770400530-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: F-Secure (Enabled - Up to date) {8AC831E5-DF57-0DC0-D07B-4DE1A5FFFD9A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{7ED1F198-3D52-420C-9F32-9F1B86720990}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{323CCD81-1A62-4163-955A-2E617D7211C9}) (Version: 3.4.1.7 - Intel) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.8.1 - Advanced Micro Devices, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Computer Security 17.215.129.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 17.215.129.0 - F-Secure Corporation) Hidden
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Discord (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Driver Easy 5.6.3 (HKLM\...\DriverEasy_is1) (Version: 5.6.3 - Easeware)
F-Secure (HKLM-x32\...\{9F1F7158-62F9-45F8-8D35-346A0E2E683D}) (Version: 3.15.285.0 - F-Secure Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 3.15.285.0 - F-Secure Corporation)
F-Secure Ultralight 1.1.24.0 (release) (HKLM-x32\...\{9FAE989F-A043-4017-B60F-9134E992BB55}) (Version: 1.1.24.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{32756C77-14FD-46F9-9480-84D77BA4E60D}) (Version: 4.1.0.29 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{65f026f0-ca1d-4c8d-84bb-67ced39a5087}) (Version: 3.4.1.7 - Intel)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20102 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 fi) (HKLM\...\Mozilla Firefox 61.0.2 (x64 fi)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10730.20102 - Microsoft Corporation) Hidden
Online Safety 2.215.7452.4118 (HKLM-x32\...\{0DD64CD2-B23F-4A3D-A88D-EF6848A20167}) (Version: 2.215.7452.4118 - F-Secure Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
ROCCAT Swarm (HKLM-x32\...\{32C24F2E-923F-49C1-8E60-2B3DC5482255}) (Version: 1.93.250 - ROCCAT GmbH) Hidden
ROCCAT Swarm (HKLM-x32\...\InstallShield_{32C24F2E-923F-49C1-8E60-2B3DC5482255}) (Version: 1.93.250 - ROCCAT GmbH)
RogueKiller version 12.13.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.1.0 - Adlice Software)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Spotify (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.6.63768 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.12.6 (HKLM\...\SteelSeries Engine 3) (Version: 3.12.6 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-08-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A7AA876-862F-4F81-AA4B-B73950FA632C} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Task: {1909F7EE-08E2-4CB2-A0BA-00C4E94267F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-27] (Google Inc.)
Task: {23170156-1AAE-4E68-B7B5-653E54DD6BC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-09-18] (Microsoft Corporation)
Task: {26E05CB3-1F88-4345-88D6-BD86357B836D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-18] (Microsoft Corporation)
Task: {2AB56619-EC43-4CD4-A985-BB35F737B638} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {430852CB-A87C-492E-A659-075C7BF1710C} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Task: {4D36ADAC-0BF4-4A73-BAD7-371582C558C9} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-09-18] (Microsoft Corporation)
Task: {541BA5BF-1736-4A3E-B1E5-CE1C9EE13043} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates
Task: {5FA4782E-21C5-4682-8956-9AE4964F0006} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
Task: {65A34F07-723D-4150-B109-13BD1AE3DFAA} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {78BABCCD-20B8-49B7-B4F8-87490C41C875} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Task: {7D7985D7-486A-4C12-90FF-8E636184D6A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-08] (Microsoft Corporation)
Task: {827282E0-FF88-47D0-96EE-7011C419DCFE} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [2018-06-27] (ROCCAT)
Task: {8283729C-F502-4C91-8B3C-B68B976AA05B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-18] (Microsoft Corporation)
Task: {8F255F88-A87A-495F-B828-A4AFEC70BDB0} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\Windows\system32\dxgiadaptercache.exe [2018-04-12] (Microsoft Corporation)
Task: {95BD180F-DF08-4B39-AD5B-BB6F458E4CEB} - System32\Tasks\S-1-5-21-4004542635-2087850760-1770400530-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {A167F6E0-ED47-419C-807E-2A11ECBA98D4} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation
Task: {AD1376B4-6C92-4FD5-9EDB-1BEFDC624838} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-09-18] (Microsoft Corporation)
Task: {C06041B6-6ADC-42BF-B188-F76BD245121A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-08-02] (Advanced Micro Devices, Inc.)
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - System32\Tasks\Microsoft\Windows\Speech\HeadsetButtonPress => C:\Windows\system32\speech_onecore\common\SpeechRuntime.exe [2018-06-19] (Microsoft Corporation)
Task: {C822193E-8E11-4697-86AD-2FDEBAAEFD5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-09-18] (Microsoft Corporation)
Task: {D1CC320B-9A47-4DB4-AFE4-2BCE1A964E7A} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources
Task: {E3D375A1-8D22-4567-A742-D39E425C1D4A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {E5A12D7C-44BD-43D6-B8D8-17BE14A06214} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {E5C9DEF6-2778-429C-8A43-56D594955425} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {F061BD14-4344-447C-8B0A-D229AC1521F3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {FF8D092C-3043-4D51-80B1-5959A855F0DA} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-08-02] (Advanced Micro Devices, Inc.)
Task: {FF94508A-E80B-4BE5-A136-CB492EEBBB9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-07-27 16:01 - 2018-07-27 16:00 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-09-18 04:13 - 2018-09-18 04:10 - 000418784 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\daas2_x64.dll
2018-07-27 16:01 - 2018-07-27 16:00 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2018-09-18 04:13 - 2018-09-18 04:10 - 000319968 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1537179249\senddump_fshoster_plugin64.dll
2018-07-29 15:28 - 2018-07-29 19:08 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-04-06 20:54 - 2018-04-06 20:54 - 000185064 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-18 04:26 - 2018-09-15 05:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-27 14:54 - 2018-07-27 14:55 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-27 14:54 - 2018-07-27 14:55 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-09-18 04:15 - 2018-09-18 04:16 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-18 04:15 - 2018-09-18 04:16 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-18 04:15 - 2018-09-18 04:16 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 12:23 - 2018-04-12 12:23 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-18 04:15 - 2018-09-18 04:16 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-04-30 16:09 - 2018-04-30 16:09 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-30 16:09 - 2018-04-30 16:09 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000885992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2018-04-06 20:54 - 2018-04-06 20:54 - 002309864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000270056 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000260328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000306920 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000231144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000277736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000212200 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000453352 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000375528 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000609512 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000248040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2018-04-06 20:55 - 2018-04-06 20:55 - 000708328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000818408 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-04-06 20:54 - 2018-04-06 20:54 - 000214760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\foreground_window_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000279272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000207080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-07-27 16:40 - 2018-07-27 16:40 - 000349184 _____ () C:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\Temperature.exe
2018-09-22 22:10 - 2018-09-22 22:10 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-22 22:10 - 2018-09-22 22:10 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-09-22 22:10 - 2018-09-22 22:10 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 22:24 - 2018-08-21 22:24 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-21 22:24 - 2018-08-21 22:24 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-22 22:10 - 2018-09-22 22:10 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-22 22:10 - 2018-09-22 22:10 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-05 19:43 - 2018-09-05 19:43 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 14:54 - 2018-07-27 15:11 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-18 04:15 - 2018-09-18 04:15 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.9.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-31 23:53 - 2018-07-31 23:53 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.9.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-18 04:15 - 2018-09-18 04:15 - 001685504 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.9.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-09-18 04:15 - 2018-09-18 04:15 - 007618560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.9.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-09-08 19:41 - 2018-09-08 19:41 - 032572928 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18081.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-09-08 19:41 - 2018-09-08 19:41 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18081.11121.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-08 19:41 - 2018-09-08 19:41 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18081.11121.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 12:25 - 2018-04-12 12:25 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18081.11121.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-04-12 12:23 - 2018-04-12 12:23 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18081.11121.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-23 04:12 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-23 04:12 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-20 00:56 - 2018-09-15 11:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 00:56 - 2018-09-15 11:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-07-27 16:01 - 2018-09-23 00:32 - 000023040 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2018-07-27 16:01 - 2018-07-27 16:00 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2018-05-08 14:41 - 2018-05-08 14:41 - 000211424 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\zlib_32.dll
2018-05-08 14:40 - 2018-05-08 14:40 - 000259040 _____ () C:\Program Files (x86)\F-Secure\AntiVirus\daas2.dll
2014-10-23 18:27 - 2014-10-23 13:27 - 000119822 _____ () C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libgcc_s_dw2-1.dll
2015-12-29 06:25 - 2015-12-29 01:25 - 001540622 _____ () C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libstdc++-6.dll
2018-05-23 11:22 - 2018-06-27 05:27 - 000563712 _____ () C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\aimo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 02:38 - 2018-04-12 02:36 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4004542635-2087850760-1770400530-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3490DB80-0ED5-4976-938C-4A132FBA98E9}] => (Allow) F:\DriverEasy\DriverEasy.exe
FirewallRules: [{56C808DF-93C5-47A3-BCA1-A3461E2EC012}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{26EBF5D3-AB75-427A-BC93-73732D807F05}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA67D501-81AF-4356-A318-013D8BE3A0E8}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{66FA1575-192A-4FBA-9202-A72A8047C99A}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{67C1BCED-1191-442F-92DD-3BA7C2AD749E}C:\users\koski\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\koski\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{20546C38-7FE4-4BA4-A16A-C5E722938437}C:\users\koski\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\koski\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5043D64B-1DCA-4425-80F8-4FC7F0A054A2}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Block) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe
FirewallRules: [UDP Query User{24E67568-C076-49EA-A4ED-9CF93E0109C0}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Block) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe
FirewallRules: [{C9FF9F0A-E948-4FBF-9334-647D35372863}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{14939C0E-AF85-4B39-B542-5167F50E3671}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{ED280F84-6CAB-4756-94B6-124C667743E8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{CD1AF9D2-A6CB-42E1-8798-A88189377082}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{A959B41B-7DD5-45A6-B9B4-BA7490CCB6F1}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1042ED68-5AB9-442C-BC11-E42A827B8E25}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6025E52C-E22A-4225-BACC-11B35DF20B17}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{542EADFC-FDF5-48CF-ADC5-566173602150}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{1FAA7795-AC12-4AA3-81C3-E265F97C9E71}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{0C37D6CF-DEFE-47BF-ACA1-C4617E1F008E}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{F3B82B7F-7FB6-4895-A233-6B12AE30AE3E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{044E8387-1A0E-4A22-8CA2-3F569DF8A8C1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{6338DDAD-7625-43BC-8CD2-D27B9EBD30D7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E54F0FB-D667-468D-8DE6-91768D44D010}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E3894704-CFFA-4985-A07B-C0DE27A3F445}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5F7E3046-3613-4E36-8762-14697D1BF20C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{DA4FEBD0-DA49-4DC0-91E1-BE410F0834A5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{5B8D307C-3AE5-4BB7-B6CD-8B9931D5AD37}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{5C634B3A-4786-43C9-AF6D-F0FD1A516C0F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{3E981A09-D589-45DE-AC96-620AAC32F998}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{12380D05-3191-4378-B0E8-125981725E19}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{B432F7C3-40BC-41B0-9D78-4A1A0EB3D244}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{5B936EFB-135E-428F-82AE-DD242C03A7D0}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{E2A1C203-ADB5-458D-8071-52C917CAC83B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{865D5378-A4E0-4534-AB1A-A987E9D3A851}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{4A2CA21D-3AA7-430E-9733-37AA09647D0F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe
FirewallRules: [{F10D0FDD-08EC-4134-AEEE-B0E71355E1C2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{64334E65-87D1-49ED-9DA3-867B49E6D016}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{99D2903A-89F9-4E01-9EC1-13CA3B697288}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{DBAF5DF6-ABC5-4768-B251-F7D730800BD8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{EED5731A-78B4-4E89-B052-51AB03C6ABC7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe
FirewallRules: [{4283B819-8E20-4FCC-A2C1-F08683BB5364}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe
FirewallRules: [{90C907EB-256C-4A51-BBC8-A653C95E416C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{0B2EED04-F34C-45AC-BC5D-A2D7CE1ABDC7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{B0D460DD-0A16-40C3-A162-ADED70AD7B3D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2C8B6DF6-D66C-4B94-8D65-1F09F24F1F5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A638CC10-66E4-4BE2-99B4-EB72F4C895FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D3624E6A-52DB-4636-A901-6C06C6E76A37}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C5A6A4BC-2F38-4367-AD32-63BB64832DDC}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{25D91854-69F5-4A56-BE60-FB9BDDFC83A9}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{20813A99-3377-40A6-A22F-31919C06B0E0}] => (Allow) G:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{08F60C0A-4CBF-4EB0-84D0-C56FD884C89C}] => (Allow) G:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{97EF8A8B-8F5F-4C5A-927B-14FADC0AE048}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{2F99A07C-BC28-4942-BA34-E385B39243EA}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{3EE81D54-4EBD-44E7-BDFA-39746E7A637F}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{56A674E4-3DAA-41B6-889C-7934F68876B9}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [TCP Query User{BCD17D0D-B70E-4B59-AA35-8D7B79DA1A8D}G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{124E042E-57E2-4929-B433-7B27ADC815E1}G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{D855CCA3-12A9-490D-AF21-F0F6A5E2F2DB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DEEFE46E-56AD-4E8A-B843-98DFC7F15E50}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3997C056-9B6A-4965-96CA-E2265DAA579F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1066E6E-59E9-4102-9982-2E0A5FEC319F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EF58033E-0589-4C28-8C17-AF463F8C50B2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{AE1841B4-0D46-463F-A1FB-78810545A98B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{39A9001E-EB3C-4B22-B33F-1747617BA5EA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{4AC12139-49EF-4AB2-A191-AD7CB41E76A2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{ABF709C9-1854-4195-8186-8053A23EC8F1}G:\paskaa\mw2\iw4x.exe] => (Block) G:\paskaa\mw2\iw4x.exe
FirewallRules: [UDP Query User{DDD9F7D9-7A6A-4E2B-A6C5-598D5B082E1D}G:\paskaa\mw2\iw4x.exe] => (Block) G:\paskaa\mw2\iw4x.exe
FirewallRules: [{D4D2937F-EFF7-4BE3-901E-83D689934320}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{E8529C48-A074-43EE-841B-538B3ADE2BE0}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{8CCC23DA-64A2-4A3F-AE61-6DDB6A03EC3F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6C6C7FAA-1E5B-49A7-9FCF-BEB232CA1894}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{493FAFBA-9750-4510-9C62-13B52C9D3E83}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{EF066732-7235-4240-826C-C07848247924}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{CB831897-5357-461A-9CAA-6363F43E0D88}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{CACACC39-514E-4C1E-8889-B8E3DA451A34}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{1BCF6C89-9EEE-4F34-B1DE-3DAA4801D324}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dungeons 3\Dungeons3.exe
FirewallRules: [{13786870-7FE7-45A5-A1A1-AD17144A3EA2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dungeons 3\Dungeons3.exe
FirewallRules: [TCP Query User{C31BB922-018E-4F27-BFB9-C4FDEACE26A0}G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe] => (Block) G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe
FirewallRules: [UDP Query User{E8EA3D1F-8BB0-44C0-833F-452D0854F4FE}G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe] => (Block) G:\program files (x86)\steam\steamapps\common\dungeons 3\dungeons3bin.exe
FirewallRules: [{1603B1EE-B344-46A4-83B7-0A8A4A525C09}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F0C18E4E-7F65-45C0-B88C-BB00C094A8C6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{776039EE-5517-4E49-BC18-774674CE747B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{63859CAE-D08A-410A-8E0D-C74684D3111F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-09-2018 19:49:46 Scheduled Checkpoint
18-09-2018 04:23:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: ASUS Bluetooth
Description: ASUS Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2018 04:01:34 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (09/23/2018 04:01:34 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (09/23/2018 04:01:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (09/23/2018 04:01:22 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (09/22/2018 10:43:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 166c

Start Time: 01d452a632f179f2

Termination Time: 4294967295

Application Path: G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: babd2bf6-f396-4fb8-8405-850e5d187520

Faulting package full name:

Faulting package-relative application ID:

Error: (09/22/2018 09:58:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 27a0

Start Time: 01d452a5f0b7421f

Termination Time: 4294967295

Application Path: G:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: e65a723c-090e-49ec-bb81-0f2eb51c6597

Faulting package full name:

Faulting package-relative application ID:

Error: (09/22/2018 02:26:35 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/21/2018 04:40:43 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (09/23/2018 04:16:50 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2018 04:08:07 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2018 04:01:51 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2018 03:43:00 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2018 02:25:12 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2018 02:25:10 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2018 12:39:59 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2018 12:36:07 AM) (Source: DCOM) (EventID: 10016) (User: PREDATOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PREDATOR\koski SID (S-1-5-21-4004542635-2087850760-1770400530-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-08-21 16:03:32.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2018-07-27 14:51:35.753
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1530012511\fshook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-27 14:51:35.429
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\F-Secure\AntiVirus\apps\Ultralight\ulcore\1530012511\fshook64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 16360.93 MB
Available physical RAM: 11271.05 MB
Total Virtual: 21736.93 MB
Available Virtual: 17252.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:160.54 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Programs) (Fixed) (Total:390.62 GB) (Free:389.21 GB) NTFS
Drive g: (Games) (Fixed) (Total:976.56 GB) (Free:525.24 GB) NTFS
Drive h: (Game I) (Fixed) (Total:117.19 GB) (Free:0.45 GB) NTFS
Drive I: (Storage) (Fixed) (Total:390.62 GB) (Free:389.62 GB) NTFS
Drive j: (Game II) (Fixed) (Total:111.33 GB) (Free:2.17 GB) NTFS
Drive k: (Music) (Fixed) (Total:195.31 GB) (Free:7.05 GB) NTFS
Drive l: (Storage) (Fixed) (Total:286.88 GB) (Free:1.7 GB) NTFS
Drive m: () (Fixed) (Total:97.66 GB) (Free:10.46 GB) NTFS
Drive n: (Programs) (Fixed) (Total:107.42 GB) (Free:0.7 GB) NTFS

\\?\Volume{a5068a64-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A3C2E41C)
Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A5068A64)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AE1ACD8A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=716.6 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by koski (23-09-2018 04:36:50) Run:1
Running from C:\Users\koski\Desktop
Loaded Profiles: koski (Available Profiles: koski)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction <==== ATTENTION
S3 BcastDVRUserService_4c0de; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BcastDVRUserService_4c0de; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_4c0de; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_4c0de; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_4c0de; C:\Windows\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_4c0de; C:\Windows\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 cpuz140; \??\C:\Users\koski\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
2018-09-21 19:51 - 2018-09-23 00:34 - 000000000 _____ () C:\Users\koski\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-09-21 19:51 - 2018-09-23 00:34 - 000000017 _____ () C:\Users\koski\AppData\Local\Temp\61e6a516043de722da96d425d95f8793.dll
2018-09-23 03:42 - 2018-08-09 07:53 - 001947720 _____ (Microsoft Corporation) C:\Users\koski\AppData\Local\Temp\dllnt_dump.dll

*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\BcastDVRUserService_4c0de" => removed successfully
BcastDVRUserService_4c0de => service removed successfully
BcastDVRUserService_4c0de => service not found.
"HKLM\System\CurrentControlSet\Services\BluetoothUserService_4c0de" => removed successfully
BluetoothUserService_4c0de => service removed successfully
BluetoothUserService_4c0de => service not found.
"HKLM\System\CurrentControlSet\Services\CaptureService_4c0de" => removed successfully
CaptureService_4c0de => service removed successfully
CaptureService_4c0de => service not found.
"HKLM\System\CurrentControlSet\Services\cpuz140" => removed successfully
cpuz140 => service removed successfully
C:\Users\koski\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll => moved successfully
C:\Users\koski\AppData\Local\Temp\61e6a516043de722da96d425d95f8793.dll => moved successfully
C:\Users\koski\AppData\Local\Temp\dllnt_dump.dll => moved successfully


The system needed a reboot.

==== End of Fixlog 04:36:51 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
F-Secure
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (69.0.3497.100)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
F-Secure AntiVirus fshoster32.exe
F-Secure AntiVirus apps Ultralight\ulcore\1537179249\fsorsp64.exe
F-Secure AntiVirus apps Ultralight\ulcore\1537179249\fshoster64.exe
F-Secure AntiVirus fshoster32.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by koski (administrator) on 23-09-2018 at 05:06:11
Running from "C:\Users\koski\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2018-09-23 02:12:31.449 Sophos Virus Removal Tool version 2.7.0
2018-09-23 02:12:31.449 Copyright (c) 2009-2018 Sophos Limited. All rights reserved.

2018-09-23 02:12:31.449 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2018-09-23 02:12:31.449 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2018-09-23 02:12:31.449 Checking for updates...
2018-09-23 02:12:31.450 Update progress: proxy server not available
2018-09-23 02:12:38.776 Option all = no
2018-09-23 02:12:38.776 Option recurse = yes
2018-09-23 02:12:38.776 Option archive = no
2018-09-23 02:12:38.776 Option service = yes
2018-09-23 02:12:38.776 Option confirm = yes
2018-09-23 02:12:38.776 Option sxl = yes
2018-09-23 02:12:38.776 Option max-data-age = 35
2018-09-23 02:12:38.776 Option vdl-logging = yes
2018-09-23 02:12:38.776 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-09-23 02:12:38.776 Machine ID: 09ea84c992aa40239233d9e15a309a6e
2018-09-23 02:12:38.776 Component SVRTcli.exe version 2.7.0
2018-09-23 02:12:38.776 Component control.dll version 2.7.0
2018-09-23 02:12:38.776 Component SVRTservice.exe version 2.7.0
2018-09-23 02:12:38.776 Component engine\osdp.dll version 1.44.1.2420
2018-09-23 02:12:38.776 Component engine\veex.dll version 3.73.0.2420
2018-09-23 02:12:38.776 Component engine\savi.dll version 9.0.11.2420
2018-09-23 02:12:38.776 Component rkdisk.dll version 1.5.33.1
2018-09-23 02:12:38.776 Version info: Product version 2.7.0
2018-09-23 02:12:38.792 Version info: Detection engine 3.73.0
2018-09-23 02:12:38.792 Version info: Detection data 5.53
2018-09-23 02:12:38.792 Version info: Build date 7/17/2018
2018-09-23 02:12:38.792 Version info: Data files added 408
2018-09-23 02:12:38.792 Version info: Last successful update (not yet updated)
2018-09-23 02:12:42.036 Downloading updates...
2018-09-23 02:12:42.036 Update progress: [I96736] sdds.svrt_v1.5: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2018-09-23 02:12:42.036 Update progress: [I95020] sdds.svrt_v1.5: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-09-23 02:12:42.036 Update progress: [I22529] sdds.svrt_v1.5: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-09-23 02:12:42.036 Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2018-09-23 02:12:42.036 Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2018-09-23 02:12:42.036 Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2018-09-23 02:12:42.036 Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 109 ms
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d0c9ed52c659ed1450c2b59a1d12ef39x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4c395b4d70a2baa0b153ba1fd7b432bcx000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4c395b4d70a2baa0b153ba1fd7b432bcx000.xml: 63 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4b98a560388859a824bab3c71ba4d818x000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4b98a560388859a824bab3c71ba4d818x000.xml: 31 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ab2ee624e37e890d8c4f30781753cd31x000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ab2ee624e37e890d8c4f30781753cd31x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4347614a4b0497f36b1529b0e1d49e76x000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4347614a4b0497f36b1529b0e1d49e76x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 980e9082aa31b750d8352da8f9dcdf66x000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 980e9082aa31b750d8352da8f9dcdf66x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f881635cbb908488a7406d9b372561ebx000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f881635cbb908488a7406d9b372561ebx000.xml: 31 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3e352b00c675e8114b8e7a2aa1b6b8f6x000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3e352b00c675e8114b8e7a2aa1b6b8f6x000.xml: 31 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0b8bebe3f11bf3bdd7d735025e9f7cdex000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0b8bebe3f11bf3bdd7d735025e9f7cdex000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 14da43993ebeed3904c4a25c9cde13e3x000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 14da43993ebeed3904c4a25c9cde13e3x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f14a2e24362829dd339f0388c2d07f9ax000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f14a2e24362829dd339f0388c2d07f9ax000.xml: 46 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 76214e12627438fd9d0cd9ff0188aa27x000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 76214e12627438fd9d0cd9ff0188aa27x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 891361d7f67a4c69ddf2bcc6435498f6x000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 891361d7f67a4c69ddf2bcc6435498f6x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 76f5ff24635e576f27f83d58f256401bx000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 76f5ff24635e576f27f83d58f256401bx000.xml: 15 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f6841d2b4e38552e884b66c4af477047x000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f6841d2b4e38552e884b66c4af477047x000.xml: 47 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9e5d554088e99116ac22d385cb55b88fx000.xml: 877 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9e5d554088e99116ac22d385cb55b88fx000.xml: 16 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7ba9970e5b00d47753d35c8bf5536349x000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7ba9970e5b00d47753d35c8bf5536349x000.xml: 0 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0ddf2440703891ed41c74e99d3b53a7fx000.xml: 1027 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0ddf2440703891ed41c74e99d3b53a7fx000.xml: 0 ms
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 97f4f16d51c494e9d51f0aa33d756b03x000.xml: 335 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 97f4f16d51c494e9d51f0aa33d756b03x000.xml: 15 ms
2018-09-23 02:12:42.036 Update progress: [I49502] sdds.data0910.xml: found supplement IDE554 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2018-09-23 02:12:42.036 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE554 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE554 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I49502] sdds.data0910.xml: found supplement IDE555 LATEST path= baseVersion= [included from product IDE554 LATEST path=]
2018-09-23 02:12:42.036 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE555 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE555 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I49502] sdds.data0910.xml: found supplement IDE556 LATEST path= baseVersion= [included from product IDE555 LATEST path=]
2018-09-23 02:12:42.036 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE556 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE556 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I49502] sdds.data0910.xml: found supplement IDE557 LATEST path= baseVersion= [included from product IDE556 LATEST path=]
2018-09-23 02:12:42.036 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE557 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE557 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I49502] sdds.data0910.xml: found supplement IDE558 LATEST path= baseVersion= [included from product IDE557 LATEST path=]
2018-09-23 02:12:42.036 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE558 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE558 LATEST path=
2018-09-23 02:12:42.036 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-09-23 02:12:42.036 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c6dabdd85381b968bdd8d578bc00d73bx000.xml: 77124 bytes
2018-09-23 02:12:42.036 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c6dabdd85381b968bdd8d578bc00d73bx000.xml: 484 ms
2018-09-23 02:12:42.036 Update progress: [I19463] Product download size 197878933 bytes
2018-09-23 02:12:45.517 Update progress: [I19463] Syncing product IDE554 LATEST path=
2018-09-23 02:12:45.517 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 44e719233d06e680d25d04c651b57516x000.xml: 29483 bytes
2018-09-23 02:12:45.517 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 44e719233d06e680d25d04c651b57516x000.xml: 109 ms
2018-09-23 02:12:45.517 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 66fd184526be9623963ffea093ea3733x000.xml: 397 bytes
2018-09-23 02:12:45.517 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 66fd184526be9623963ffea093ea3733x000.xml: 16 ms
2018-09-23 02:12:45.517 Update progress: [I19463] Product download size 2861558 bytes
2018-09-23 02:12:45.767 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1c11dcbad3f1d7dc8e20079983ce02bdx000.xml: 5456 bytes
2018-09-23 02:12:45.767 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1c11dcbad3f1d7dc8e20079983ce02bdx000.xml: 15 ms
2018-09-23 02:12:45.892 Update progress: [I19463] Syncing product IDE555 LATEST path=
2018-09-23 02:12:45.892 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ed3c31d91cdbe6f4c5b2ad672e432fcbx000.xml: 37688 bytes
2018-09-23 02:12:45.892 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ed3c31d91cdbe6f4c5b2ad672e432fcbx000.xml: 94 ms
2018-09-23 02:12:45.892 Update progress: [I19463] Product download size 3236987 bytes
2018-09-23 02:12:46.298 Update progress: [I19463] Syncing product IDE556 LATEST path=
2018-09-23 02:12:46.298 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7cd4ca4f18730d24c4a6201531d9eaeex000.xml: 29986 bytes
2018-09-23 02:12:46.298 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7cd4ca4f18730d24c4a6201531d9eaeex000.xml: 63 ms
2018-09-23 02:12:46.298 Update progress: [I19463] Product download size 2518599 bytes
2018-09-23 02:12:46.532 Update progress: [I19463] Syncing product IDE557 LATEST path=
2018-09-23 02:12:46.532 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 77a1d735185cd175e0531ba9cd991315x000.xml: 5108 bytes
2018-09-23 02:12:46.532 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 77a1d735185cd175e0531ba9cd991315x000.xml: 16 ms
2018-09-23 02:12:46.532 Update progress: [I19463] Product download size 379663 bytes
2018-09-23 02:12:46.688 Update progress: [I19463] Syncing product IDE558 LATEST path=
2018-09-23 02:12:46.688 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2018-09-23 02:12:46.688 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 94 ms
2018-09-23 02:12:46.735 Installing updates...
2018-09-23 02:12:47.360 Error level 1
2018-09-23 02:12:52.377 Update successful
2018-09-23 02:12:58.934 Option all = no
2018-09-23 02:12:58.934 Option recurse = yes
2018-09-23 02:12:58.934 Option archive = no
2018-09-23 02:12:58.934 Option service = yes
2018-09-23 02:12:58.934 Option confirm = yes
2018-09-23 02:12:58.934 Option sxl = yes
2018-09-23 02:12:58.934 Option max-data-age = 35
2018-09-23 02:12:58.934 Option vdl-logging = yes
2018-09-23 02:12:58.949 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-09-23 02:12:58.949 Machine ID: 09ea84c992aa40239233d9e15a309a6e
2018-09-23 02:12:58.949 Component SVRTcli.exe version 2.7.0
2018-09-23 02:12:58.949 Component control.dll version 2.7.0
2018-09-23 02:12:58.949 Component SVRTservice.exe version 2.7.0
2018-09-23 02:12:58.949 Component engine\osdp.dll version 1.44.1.2420
2018-09-23 02:12:58.949 Component engine\veex.dll version 3.73.0.2420
2018-09-23 02:12:58.949 Component engine\savi.dll version 9.0.11.2420
2018-09-23 02:12:58.949 Component rkdisk.dll version 1.5.33.1
2018-09-23 02:12:58.949 Version info: Product version 2.7.0
2018-09-23 02:12:58.949 Version info: Detection engine 3.73.0
2018-09-23 02:12:58.949 Version info: Detection data 5.53
2018-09-23 02:12:58.949 Version info: Build date 7/17/2018
2018-09-23 02:12:58.949 Version info: Data files added 409
2018-09-23 02:12:58.949 Version info: Last successful update 9/23/2018 5:12:52 AM

2018-09-23 14:14:04.954 Could not open C:\hiberfil.sys
2018-09-23 14:14:04.954 Could not open C:\pagefile.sys
2018-09-23 14:30:54.075 Could not open C:\swapfile.sys
2018-09-23 14:30:54.107 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-09-23 14:30:54.107 Could not open C:\System Volume Information\{484c8960-bed1-11e8-8a3a-f46d041e5452}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-09-23 14:30:54.107 Could not open C:\System Volume Information\{507026a1-b3bc-11e8-8a35-f46d041e5452}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-09-23 14:30:54.107 Could not open C:\System Volume Information\{f0335ef1-a85a-11e8-8a35-f46d041e5452}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-09-23 14:31:01.934 Could not open C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Current Session
2018-09-23 14:31:01.934 Could not open C:\Users\koski\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2018-09-23 14:33:01.922 Could not open C:\Users\koski\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2018-09-23 14:33:01.922 Could not open C:\Users\koski\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2018-09-23 14:42:53.735 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2018-09-23 14:42:53.735 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2018-09-23 14:43:03.343 Could not open C:\Windows\System32\config\BBI
2018-09-23 14:43:03.389 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2018-09-23 14:43:03.389 Could not open C:\Windows\System32\config\RegBack\SAM
2018-09-23 14:43:03.389 Could not open C:\Windows\System32\config\RegBack\SECURITY
2018-09-23 14:43:03.389 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2018-09-23 14:43:03.389 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2018-09-23 15:35:20.533 Could not open LOGICAL:0004:00000000
2018-09-23 15:35:20.548 Could not open E:\
2018-09-23 16:49:25.175 >>> Virus 'Mal/EncPk-ND' found in file L:\LATAUKSET 19.02\EasyAntiCheat.exe\FILE:0000
2018-09-23 16:49:25.175 Disinfection not offered
2018-09-23 17:13:22.271 >>> Virus 'Mal/Generic-S' found in file L:\Vanha PC\Programs\Mika mukaan\Peli talletukset\Worms 3D\bin\Launcher.exe
2018-09-23 17:13:29.764 >>> Virus 'Mal/Generic-S' found in file L:\Vanha PC\Programs\Mika mukaan\Peli talletukset\Worms 3D\Launcher.exe
2018-09-23 17:31:39.604 Could not open M:\Program Files (x86)\Microsoft Office\root\Client\AppvIsvStream32.dll
2018-09-23 17:31:39.604 Could not open M:\Program Files (x86)\Microsoft Office\root\Client\AppvIsvStream64.dll
2018-09-23 17:31:57.970 Could not open M:\Program Files (x86)\Microsoft Office\root\Flattener\AppvIsvStream32.dll
2018-09-23 17:31:57.970 Could not open M:\Program Files (x86)\Microsoft Office\root\Flattener\AppvIsvStream64.dll
2018-09-23 17:31:59.340 Could not open M:\Program Files (x86)\Microsoft Office\root\Integration\AppvIsvStream32.dll
2018-09-23 17:31:59.341 Could not open M:\Program Files (x86)\Microsoft Office\root\Integration\AppvIsvStream64.dll
2018-09-23 17:32:24.013 Could not open M:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\AppvIsvStream32.dll
2018-09-23 17:32:24.013 Could not open M:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\AppvIsvStream64.dll
2018-09-23 17:33:41.439 Could not open M:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvStream32.dll
2018-09-23 17:33:41.440 Could not open M:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvStream64.dll
2018-09-23 17:33:44.711 Could not open M:\Program Files (x86)\Microsoft Office\root\Office16\DCF\AppvIsvStream32.dll
2018-09-23 17:33:44.711 Could not open M:\Program Files (x86)\Microsoft Office\root\Office16\DCF\AppvIsvStream64.dll
2018-09-23 17:34:47.451 Could not open M:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll
2018-09-23 17:34:50.567 Could not open M:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\AppvIsvStream32.dll
2018-09-23 17:34:53.251 Could not open M:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvStream32.dll
2018-09-23 17:34:59.076 Could not open M:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\AppvIsvStream32.dll
2018-09-23 17:35:11.049 Could not open M:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\AppvIsvStream32.dll
2018-09-23 17:35:11.703 Could not open M:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\AppvIsvStream32.dll
2018-09-23 17:35:24.923 Could not open M:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppvIsvStream64.dll
2018-09-23 19:41:21.162 The following items will be cleaned up:
2018-09-23 19:41:21.162 Mal/Generic-S
2018-09-23 19:41:21.162 Mal/EncPk-ND
2018-09-23 19:58:10.528 Threat 'Mal/Generic-S' has been cleaned up.
2018-09-23 19:58:10.528 File "L:\Vanha PC\Programs\Mika mukaan\Peli talletukset\Worms 3D\bin\Launcher.exe" belongs to malware 'Mal/Generic-S'.
2018-09-23 19:58:10.528 File "L:\Vanha PC\Programs\Mika mukaan\Peli talletukset\Worms 3D\bin\Launcher.exe" has been cleaned up.
2018-09-23 19:58:10.528 File "L:\Vanha PC\Programs\Mika mukaan\Peli talletukset\Worms 3D\Launcher.exe" belongs to malware 'Mal/Generic-S'.
2018-09-23 19:58:10.528 File "L:\Vanha PC\Programs\Mika mukaan\Peli talletukset\Worms 3D\Launcher.exe" has been cleaned up.
2018-09-23 19:58:10.528 Removal successful
2018-09-23 19:58:11.105 >>> Virus 'Mal/EncPk-ND' found in file L:\LATAUKSET 19.02\EasyAntiCheat.exe\FILE:0000
2018-09-23 19:58:11.105 Disinfection not offered
2018-09-23 19:58:11.904 Disinfection failed [0xa0040208]
2018-09-23 19:58:11.907 Error: cleanup failed.
2018-09-23 19:58:12.578 Error level 0
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 
Hi thx, what does the delfix "Reset system settings" do? And if I may ask why those fixes were made by Fixlog :)
 
Reset system settings does only one thing. It makes sure hidden files are hidden.
Not sure about your second question.
 