Solved BitsAdmin "task3"

Skasix

A command prompt pops up very quickly with the following image: http://imgur.com/OX241qn. Low res because of the speed of the popup. Also, I am almost 100% positive it came after I installed some adware, as I am normally smart enough not to fall for anything, having been on the internet as long as I have. As soon as I saw it I canceled, and there was no small text saying "Cancel to install software", but it installed a lot of adware (about 10). I quickly got Malwarebytes and did a full scan and restarted, but I couldn't log in whatsoever, so I had to do a system restore, and now I have this Bitsadmin downloading stuff about every hour, which I never had for the past 4 months. Now here are the FRST and Addition logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by andyh (administrator) on WASSUPMUHHOMEEG (02-02-2017 20:39:19)
Running from C:\Users\andyh\Downloads
Loaded Profiles: andyh (Available Profiles: defaultuser0 & andyh)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hammer & Chisel, Inc.) C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hammer & Chisel, Inc.) C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(LastPass) C:\Program Files (x86)\LastPass\lastapp_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
() C:\Program Files (x86)\Steam\steamapps\temp\431960\wallpaper64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5378\Agent.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClient.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUx.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUxHelper.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUxHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16687104 2016-08-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [695080 2015-09-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [LastApp] => C:\Program Files (x86)\LastPass\lastapp_x64.exe [20295760 2016-06-23] (LastPass)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [Discord] => C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [ITHsoft] => C:\Users\andyh\AppData\Local\ITHsoft\7fa796f5a1ed27c008d0b7326bde59bb.exe
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [Akworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\andyh\AppData\Local\ITHsoft\qljbagmd.dll
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe [894464 2017-02-02] ()
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
Startup: C:\Users\andyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-02-01]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7e747c63-fafe-4b9e-b460-810d9cd488e0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a58be5c7-7641-416d-8d26-bad6e3723d22}: [DhcpNameServer] 10.0.1.1 10.0.1.3

Internet Explorer:
==================
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
SearchScopes: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=H21ztrmbl10BU,3aa22739-112d-4443-922f-c2a421047b5c,&vp=ch&prd=set_ch
CHR Profile: C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default [2017-02-02]
CHR Extension: (Adblock Plus) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-01]
CHR Extension: (Black red shards) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2017-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01]
CHR Extension: (Video Cutter) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodkcjollmmjidmcnhloaoahmciabnai [2017-02-01]
CHR Extension: (Click&Clean App) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-02-01]
CHR Extension: (Chrome Media Router) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR Extension: (Audio Cutter) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2017-02-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cphs; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-25] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-04-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [743616 2015-12-01] (@ByELDI) [File not signed]
R2 UnsignedThemes; C:\Windows\unsignedthemes.exe [22184 2015-03-01] (The Within Network, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253184 2016-12-12] (Intel Corporation)
R3 igfx; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-02] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvqu.inf_amd64_c757f34d59e1f5d4\nvlddmkm.sys [13853248 2016-10-12] (NVIDIA Corporation)
S0 nvme; C:\Windows\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics Co., Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S0 ocznvme; C:\Windows\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
S0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [777944 2016-04-07] (Realsil Semiconductor Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R2 uxstyle; C:\Windows\system32\Drivers\elytsxu.sys [32424 2015-03-01] (The Within Network, LLC)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 nbeknfgh; \??\C:\Windows\system32\drivers\nbeknfgh.sys [X]
S1 puamcozs; \??\C:\Windows\system32\drivers\puamcozs.sys [X]
S1 rtrilbvb; \??\C:\Windows\system32\drivers\rtrilbvb.sys [X]
S1 vbljrmwu; \??\C:\Windows\system32\drivers\vbljrmwu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 20:39 - 2017-02-02 20:39 - 02420736 _____ (Farbar) C:\Users\andyh\Downloads\FRST64.exe
2017-02-02 20:39 - 2017-02-02 20:39 - 00025369 _____ C:\Users\andyh\Downloads\FRST.txt
2017-02-02 20:39 - 2017-02-02 20:39 - 00000000 ____D C:\FRST
2017-02-02 17:12 - 2017-02-02 17:12 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign5d8e409d5df122be
2017-02-02 17:11 - 2017-02-02 17:11 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsignf68f30b6a9e70a96
2017-02-02 17:11 - 2017-02-02 17:11 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsignbe44eb4473d1f44f
2017-02-02 17:11 - 2017-02-02 17:11 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign4f60a385873a95a5
2017-02-02 17:01 - 2017-02-02 17:01 - 00001660 _____ C:\Users\Public\Desktop\Event[0].lnk
2017-02-02 17:01 - 2017-02-02 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Event[0] [GOG.com]
2017-02-02 16:57 - 2017-02-02 16:57 - 00000000 ____D C:\GOG Games
2017-02-02 16:30 - 2013-10-22 02:47 - 1025988608 _____ C:\Users\andyh\Desktop\The Stanley Parable.iso
2017-02-02 16:08 - 2017-02-02 16:08 - 00000000 ____D C:\Users\andyh\AppData\Local\Mega Limited
2017-02-02 16:06 - 2017-02-02 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-02-02 15:59 - 2017-02-02 17:31 - 00000000 ____D C:\Users\andyh\Documents\Heroes of the Storm
2017-02-02 15:59 - 2017-02-02 17:31 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-02 11:55 - 2017-02-02 14:49 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Citra
2017-02-01 20:00 - 2017-02-01 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
2017-02-01 20:00 - 2017-02-01 20:00 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2017-02-01 19:08 - 2017-02-01 19:08 - 00003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-01 19:08 - 2017-02-01 19:08 - 00000000 ____D C:\ProgramData\Mr Blade Designs
2017-02-01 19:06 - 2017-02-01 19:35 - 00000000 ____D C:\Program Files (x86)\GOAT
2017-02-01 19:05 - 2017-02-01 19:05 - 00000000 ____D C:\Users\andyh\AppData\Local\VirtualStore
2017-02-01 19:01 - 2017-02-01 19:01 - 00000000 ____D C:\Windows\LastGood
2017-02-01 18:59 - 2017-02-01 18:59 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2017-02-01 18:59 - 2017-02-01 18:59 - 00000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2017-02-01 18:59 - 2016-07-16 06:42 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup
2017-02-01 18:59 - 2016-07-16 06:42 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup
2017-02-01 18:59 - 2016-07-16 06:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\uxinit.dll.backup
2017-02-01 18:41 - 2017-02-01 18:41 - 00001754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-02-01 17:46 - 2017-02-01 17:55 - 00000000 ____D C:\Windows\system32\SSL
2017-02-01 17:45 - 2017-02-01 17:45 - 00140288 _____ C:\Users\andyh\AppData\Roaming\Installer.dat
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Windows\system32\sstmp
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Users\andyh\AppData\Local\CrashRpt
2017-02-01 17:20 - 2017-02-01 18:41 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Rainmeter
2017-02-01 17:20 - 2017-02-01 17:20 - 00000000 ____D C:\Users\andyh\Documents\Rainmeter
2017-02-01 17:18 - 2017-02-01 18:41 - 00000000 ____D C:\Program Files\Rainmeter
2017-02-01 17:14 - 2017-02-01 21:23 - 00000000 ____D C:\SkinPack
2017-02-01 17:14 - 2017-02-01 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkinPack
2017-02-01 17:14 - 2017-02-01 17:14 - 00000000 ___HD C:\W7P_Backups
2017-01-31 23:53 - 2017-01-31 23:53 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\DefaultCompany
2017-01-31 23:49 - 2017-01-31 23:49 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\ryoposo
2017-01-31 23:46 - 2017-01-31 23:46 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\Re_Zero
2017-01-31 22:16 - 2017-01-31 23:17 - 00000000 ____D C:\Users\andyh\AppData\Roaming\TeamViewer
2017-01-31 19:17 - 2017-02-01 21:23 - 00000000 ____D C:\Wallpaper.Engine
2017-01-29 01:26 - 2017-01-29 01:26 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-01-29 01:26 - 2017-01-29 01:26 - 00000000 ____D C:\Users\andyh\AppData\Local\Ndemic Creations
2017-01-29 01:26 - 2017-01-29 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plague Inc Evolved Shadow Plague
2017-01-28 19:01 - 2017-02-01 21:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-01-28 19:01 - 2017-01-20 13:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-01-28 19:01 - 2017-01-20 13:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-01-28 19:01 - 2017-01-20 13:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-01-26 00:21 - 2017-01-26 00:21 - 00011482 _____ C:\Users\andyh\Documents\Undertale_-_100_MEGALOVANIA.mid
2017-01-25 23:39 - 2017-01-25 23:40 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Synthesia
2017-01-25 23:36 - 2017-01-27 14:09 - 00001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia.lnk
2017-01-25 10:53 - 2017-01-25 10:53 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\Oracle
2017-01-25 10:48 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 10:48 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-24 12:43 - 2017-01-24 12:43 - 00000000 ____D C:\Users\andyh\Documents\League of Legends
2017-01-23 22:17 - 2017-01-23 22:17 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-23 22:16 - 2017-02-02 18:47 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-23 22:16 - 2017-02-01 20:06 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-23 22:16 - 2017-02-01 20:06 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-23 22:16 - 2017-02-01 20:06 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-23 22:16 - 2017-02-01 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-23 22:16 - 2017-01-23 22:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-23 22:16 - 2017-01-23 22:16 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-23 22:16 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-23 00:55 - 2017-01-23 22:33 - 00000000 ____D C:\Users\andyh\temp
2017-01-23 00:55 - 2017-01-23 22:23 - 00000000 ____D C:\Users\andyh\AppData\Local\Pinnacle
2017-01-23 00:55 - 2017-01-23 00:55 - 00000000 ____D C:\Users\Public\Documents\Triple Scoop Music
2017-01-23 00:55 - 2017-01-23 00:55 - 00000000 ____D C:\Users\andyh\Documents\InstantCDDVD
2017-01-23 00:55 - 2017-01-23 00:55 - 00000000 ____D C:\ProgramData\Corel
2017-01-23 00:54 - 2017-01-23 22:32 - 00000000 ____D C:\Users\andyh\AppData\Local\Pinnacle_Studio_20
2017-01-23 00:54 - 2017-01-23 00:54 - 00000199 _____ C:\Users\andyh\AppData\Roaming\WASSUPMUHHOMEEG.MTBF.txt
2017-01-23 00:54 - 2017-01-23 00:54 - 00000000 ____D C:\Users\andyh\Documents\Pinnacle
2017-01-23 00:47 - 2017-02-01 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 20
2017-01-23 00:46 - 2017-01-23 22:28 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2017-01-23 00:46 - 2017-01-23 00:46 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2017-01-23 00:46 - 2017-01-23 00:46 - 00000000 ____D C:\Program Files (x86)\Pinnacle
2017-01-23 00:45 - 2017-01-23 00:47 - 00000000 ____D C:\ProgramData\Pinnacle
2017-01-22 22:53 - 2017-01-22 22:53 - 00000000 ____D C:\ProgramData\UniqueId
2017-01-22 22:53 - 2017-01-22 22:53 - 00000000 ____D C:\ProgramData\Pinnacle Log Files
2017-01-22 10:32 - 2017-01-23 22:21 - 00000000 ____D C:\Program Files (x86)\KMSPico
2017-01-16 21:45 - 2017-01-16 21:45 - 00000000 ____D C:\Users\andyh\AppData\Roaming\UBot Studio
2017-01-16 21:38 - 2017-01-16 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opt-In Software
2017-01-14 09:46 - 2017-01-14 09:47 - 00000000 ____D C:\Users\andyh\AppData\Roaming\FiraxisLive
2017-01-14 09:46 - 2017-01-14 09:46 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Steam
2017-01-14 09:22 - 2017-01-14 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM 2
2017-01-13 10:04 - 2017-01-13 10:04 - 00000000 ____D C:\Users\andyh\Documents\CPY_SAVES
2017-01-13 10:00 - 2017-01-13 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid
2017-01-13 03:27 - 2017-01-13 03:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-13 01:09 - 2017-01-13 16:14 - 00000000 ____D C:\Users\andyh\AppData\Local\PAYDAY 2
2017-01-13 00:45 - 2017-01-13 00:45 - 00000000 ____D C:\Program Files (x86)\505 Games
2017-01-13 00:33 - 2017-01-13 00:33 - 00000000 ____D C:\Users\andyh\Documents\EVE
2017-01-13 00:28 - 2017-01-13 00:28 - 00000000 ____D C:\Users\andyh\AppData\Local\CCP
2017-01-13 00:28 - 2017-01-13 00:28 - 00000000 ____D C:\Users\andyh\.QtWebEngineProcess
2017-01-13 00:28 - 2017-01-13 00:28 - 00000000 ____D C:\Users\andyh\.EVE
2017-01-12 00:01 - 2017-01-13 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disgaea PC
2017-01-10 18:13 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-10 18:13 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-10 18:13 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-10 18:13 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-10 18:13 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-10 18:13 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-10 18:13 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-10 18:13 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-10 18:13 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-10 18:13 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-10 18:13 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-10 18:13 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-10 18:13 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-10 18:13 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-10 18:13 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-10 18:13 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-10 18:13 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-10 18:13 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-10 18:13 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-10 18:13 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-10 18:13 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-10 18:13 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-10 18:13 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-10 18:13 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-10 18:13 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 18:13 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-10 18:13 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-10 18:13 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 18:13 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-10 18:13 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 18:13 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 18:13 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-10 18:13 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-10 18:13 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 18:13 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-10 18:13 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-10 18:13 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-10 18:13 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-10 18:13 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-10 18:13 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-10 18:13 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 18:13 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-10 18:13 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-10 18:13 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-10 18:13 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-10 18:13 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-10 18:13 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-10 18:13 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 18:13 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-10 18:13 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-10 18:13 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-10 18:13 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-10 18:13 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-10 18:13 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 18:13 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 18:13 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-10 18:13 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-10 18:13 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-10 18:13 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-10 18:13 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-10 18:13 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 18:13 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 18:13 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-10 18:13 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-10 18:13 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 18:13 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-10 18:13 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-10 18:13 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 18:13 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-10 18:13 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-10 18:13 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-10 18:13 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-10 18:13 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-10 18:13 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-10 18:13 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-10 18:13 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-10 18:13 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:13 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-10 18:12 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-10 18:12 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-10 18:12 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-10 18:12 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-10 18:12 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-10 18:12 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-10 18:12 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-10 18:12 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-10 18:12 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-10 18:12 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-10 18:12 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-10 18:12 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-10 18:12 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-10 18:12 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-10 18:12 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-10 18:12 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-10 18:12 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-10 18:12 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-10 18:12 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-10 18:12 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 18:12 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-10 18:12 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-10 18:12 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-10 18:12 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-10 18:12 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-10 18:12 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:12 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-10 18:12 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-10 18:12 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-10 18:12 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-10 18:12 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-10 18:12 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-10 18:12 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-10 18:12 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-10 18:12 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-10 18:12 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-10 18:12 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-10 18:12 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-10 18:12 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-10 18:12 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-10 18:12 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-10 18:12 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-10 18:12 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-10 18:12 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 18:12 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-10 18:12 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-10 18:12 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-10 18:12 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-10 18:12 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-10 18:12 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:12 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-10 18:12 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-10 18:12 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-10 18:12 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-10 18:12 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:12 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-10 18:12 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-10 18:12 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-10 18:12 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-10 18:12 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-10 18:12 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-10 18:12 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-10 18:12 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-10 18:12 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-10 18:12 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-10 18:12 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-10 18:12 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-10 18:12 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-10 18:12 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 18:12 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-10 18:12 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-10 18:12 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-10 18:12 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-09 16:45 - 2017-01-09 16:45 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Tera_Awesomium
2017-01-07 19:18 - 2017-01-09 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaiba Ninja Gaiden Z
2017-01-07 19:16 - 2017-01-07 19:16 - 00000000 ____D C:\Users\andyh\AppData\Roaming\DarkSoulsII
2017-01-07 19:13 - 2017-01-07 19:15 - 00000000 ____D C:\Program Files (x86)\Dark Souls 2
2017-01-07 18:08 - 2017-01-07 19:15 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2.lnk
2017-01-07 18:04 - 2017-01-07 21:21 - 00000000 ____D C:\Users\andyh\AppData\Local\HyperLightDrifter
2017-01-07 18:03 - 2017-01-07 18:03 - 00000699 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper Light Drifter.lnk
2017-01-07 18:03 - 2017-01-07 18:03 - 00000000 ____D C:\Program Files\Hyper Light Drifter
2017-01-07 17:22 - 2017-01-07 17:22 - 00000000 ____D C:\Users\Public\Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 20:39 - 2016-12-15 22:01 - 00000000 ____D C:\Users\andyh\AppData\Local\Battle.net
2017-02-02 20:29 - 2016-12-16 15:43 - 00000000 ____D C:\Users\andyh\AppData\Roaming\obs-studio
2017-02-02 20:28 - 2016-12-15 21:23 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Skype
2017-02-02 19:49 - 2016-08-31 13:54 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-02 18:44 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-02 18:09 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-02 17:58 - 2016-12-15 22:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-02 17:30 - 2016-12-15 22:02 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-02-02 17:12 - 2016-12-16 23:07 - 00000000 ____D C:\Users\andyh\AppData\Local\CrashDumps
2017-02-02 16:08 - 2016-12-16 15:32 - 00000000 ___RD C:\Users\andyh\Desktop\Games
2017-02-02 15:34 - 2016-12-15 21:24 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 14:54 - 2016-12-16 15:36 - 00000000 ____D C:\Users\andyh\AppData\Roaming\uTorrent
2017-02-02 12:25 - 2016-12-11 06:15 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-02 11:29 - 2016-12-15 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-01 23:08 - 2016-12-17 12:23 - 00000000 ____D C:\Users\andyh\AppData\Roaming\vlc
2017-02-01 22:24 - 2016-12-16 16:09 - 00000000 ___RD C:\Users\andyh\Desktop\Meme
2017-02-01 21:59 - 2016-12-15 22:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-01 21:23 - 2016-12-18 09:41 - 00000000 ____D C:\Windows\SysWOW64\GPBAK
2017-02-01 21:23 - 2016-12-16 13:10 - 00000000 ____D C:\Users\defaultuser0
2017-02-01 21:23 - 2016-12-15 22:00 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Battle.net
2017-02-01 21:23 - 2016-12-11 06:12 - 00000000 ____D C:\Windows\SysWOW64\sda
2017-02-01 21:23 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\rescache
2017-02-01 21:21 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\registration
2017-02-01 21:20 - 2016-12-15 21:23 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\SysWOW64\Licenses
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\spool
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\Licenses
2017-02-01 21:20 - 2016-07-16 01:04 - 00000000 ____D C:\Windows\system32\Sysprep
2017-02-01 19:12 - 2016-08-31 14:00 - 01910124 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-01 19:07 - 2016-12-15 21:19 - 00000000 ____D C:\Users\andyh\AppData\Local\Packages
2017-02-01 19:05 - 2016-12-15 21:38 - 00000000 ____D C:\Users\andyh\AppData\Roaming\discord
2017-02-01 19:05 - 2016-12-15 21:19 - 00000000 __SHD C:\Users\andyh\IntelGraphicsProfiles
2017-02-01 19:05 - 2016-08-31 13:54 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-01 19:02 - 2016-09-08 15:59 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-01 19:01 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-01 18:59 - 2016-07-16 06:42 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-02-01 18:59 - 2016-07-16 06:42 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2017-02-01 18:59 - 2016-07-16 06:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\uxinit.dll
2017-02-01 18:41 - 2016-12-15 21:18 - 00000000 ____D C:\Users\andyh
2017-02-01 18:24 - 2016-12-18 18:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Adobe
2017-01-28 19:01 - 2016-12-16 22:51 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003884 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-11 06:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-28 19:01 - 2016-12-11 06:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-28 19:01 - 2016-12-11 06:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-28 16:01 - 2016-12-15 21:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Comms
2017-01-28 03:48 - 2016-12-18 14:15 - 00000000 ____D C:\Users\andyh\AppData\Local\ElevatedDiagnostics
2017-01-27 21:11 - 2016-12-16 22:51 - 00016683 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-27 19:24 - 2016-12-26 22:45 - 00000000 ____D C:\Users\andyh\AppData\Local\osu!
2017-01-25 14:28 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-25 11:03 - 2016-12-15 22:11 - 00000000 ____D C:\ProgramData\Oracle
2017-01-25 10:53 - 2016-12-15 22:11 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-25 10:53 - 2016-12-15 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-25 10:53 - 2016-12-15 22:11 - 00000000 ____D C:\Program Files\Java
2017-01-25 10:45 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-01-23 22:18 - 2016-08-31 13:54 - 00297072 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-23 22:18 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-01-23 22:16 - 2016-12-19 22:25 - 00000000 ____D C:\Program Files\KMSpico
2017-01-22 10:46 - 2016-12-19 22:25 - 00003476 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2017-01-22 10:46 - 2016-12-19 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-01-21 20:28 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-21 17:23 - 2016-12-16 15:32 - 00000000 ___RD C:\Users\andyh\Desktop\PIC Stuff
2017-01-20 13:39 - 2016-12-16 22:51 - 01872320 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 01464768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-01-20 09:07 - 2016-12-16 22:51 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-20 08:36 - 2016-12-16 22:51 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-01-14 11:06 - 2016-12-26 19:55 - 00000000 ____D C:\Users\andyh\AppData\Roaming\.minecraft
2017-01-14 09:46 - 2016-12-16 20:21 - 00000000 ____D C:\Users\andyh\Documents\My Games
2017-01-13 09:45 - 2017-01-01 22:24 - 00000000 ____D C:\Program Files (x86)\Razer
2017-01-13 09:45 - 2016-08-31 13:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-13 03:28 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-13 03:27 - 2016-09-08 16:02 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-13 03:27 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-11 16:20 - 2016-12-15 21:38 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 16:20 - 2016-12-15 21:38 - 00000000 ____D C:\Users\andyh\AppData\Local\Discord
2017-01-11 00:08 - 2016-12-16 22:18 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 00:06 - 2016-12-16 22:18 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 16:56 - 2016-12-19 19:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-07 22:44 - 2016-12-16 20:00 - 00000000 ____D C:\Users\andyh\AppData\Local\Warframe
2017-01-07 18:04 - 2016-12-18 18:47 - 00000000 ____D C:\ProgramData\Steam
2017-01-04 17:05 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\Cursors
2017-01-04 15:55 - 2016-12-15 21:23 - 00000000 ____D C:\Users\andyh\AppData\Local\Google

==================== Files in the root of some directories =======

2017-02-01 17:45 - 2017-02-01 17:45 - 0140288 _____ () C:\Users\andyh\AppData\Roaming\Installer.dat
2017-01-23 00:54 - 2017-01-23 00:54 - 0000199 _____ () C:\Users\andyh\AppData\Roaming\WASSUPMUHHOMEEG.MTBF.txt
2017-02-02 00:51 - 2017-02-02 00:51 - 0000003 _____ () C:\Users\andyh\AppData\Local\updater.log
2016-12-11 06:12 - 2016-12-11 06:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-16 23:05 - 2016-12-16 23:05 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-16 22:51 - 2017-01-28 19:01 - 0007609 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-16 22:51 - 2017-01-27 21:11 - 0016683 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-01-22 10:32 - 2017-01-22 10:32 - 0061440 _____ (The Gentee Group) C:\Users\andyh\AppData\Local\Temp\genteert.dll
2017-02-01 20:06 - 2017-02-01 20:07 - 1331328 _____ ( ) C:\Users\andyh\AppData\Local\Temp\ICReinstall_SKINPACKS.EXE
2016-12-26 20:02 - 2016-12-26 20:02 - 0019968 _____ (Red Hat®, Inc.) C:\Users\andyh\AppData\Local\Temp\jansi-64-3953369057618738776.dll
2017-01-25 10:53 - 2017-01-25 10:53 - 0739904 _____ (Oracle Corporation) C:\Users\andyh\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-12-16 22:51 - 2016-12-12 18:30 - 0253376 _____ (NVIDIA Corporation) C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-12-16 22:51 - 2016-12-12 18:30 - 0334272 _____ (NVIDIA Corporation) C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-15 13:32

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by andyh (02-02-2017 20:39:52)
Running from C:\Users\andyh\Downloads
Windows 10 Home Version 1607 (X64) (2016-12-16 02:15:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2044647893-1413394519-1903141041-500 - Administrator - Disabled)
andyh (S-1-5-21-2044647893-1413394519-1903141041-1003 - Administrator - Enabled) => C:\Users\andyh
DefaultAccount (S-1-5-21-2044647893-1413394519-1903141041-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2044647893-1413394519-1903141041-1002 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2044647893-1413394519-1903141041-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.1111.113 - Alps Electric)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.3 - 2K Games)
Dark Souls 2 (HKLM-x32\...\RGFya1NvdWxzMg==_is1) (Version: 1 - )
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Discord (HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Event[0] (HKLM-x32\...\1976935743_is1) (Version: 2.3.0.4 - GOG.com)
GOAT (HKLM\...\GOAT) (Version: - neiio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hyper Light Drifter (HKLM\...\aHlwZXJsaWdodGRyaWZ0ZXI_is1) (Version: 1 - )
Intel(R) Chipset Device Software (x32 Version: 10.1.1.18 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.5.1192 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{09B8FFA4-5222-4271-8AA9-CDC98AD64863}) (Version: 18.1.1613.3274 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LastPass for Applications (HKLM-x32\...\LastApp) (Version: - LastPass)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Metal Gear Solid V The Phantom Pain version 1.0.0.5 (HKLM-x32\...\{6240B6DA-BB48-4A7D-8360-DAF32226D850}_is1) (Version: 1.0.0.5 - Konami Digital Entertainment)
Metal Gear Solid V: The Phantom Pain (HKLM-x32\...\{48397BFF-7C01-4B64-8F1A-0D468DDE5D73}_is1) (Version: - Kojima Productions)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 369.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{5e3eda34-9b4d-4c1e-be58-f793ebf88e53}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pinnacle Studio 20 (HKLM-x32\...\{4D548AFA-B83A-4C39-A474-AAE833B320AD}) (Version: 20.1.0.10108 - Corel Corporation)
PlanetSide 2 (HKLM\...\Steam App 218230) (Version: - Daybreak Game Company)
Quantum Break (HKLM-x32\...\Quantum Break_is1) (Version: - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21290 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7904 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.2 - Synthesia LLC)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witness ver. 1.0.(update 16) (HKLM-x32\...\{044295BC-FCD5-401C-933B-237FB46A7FE0}_is1) (Version: 1.0.(update 16) - *Let'sРlay*)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.1.7.0 - Manuel Hoefs (Zottel))
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-891f4afa-4f2c-4a69-8e8a-a473d827af00) (Version: - Epic Games, Inc.)
UxStyle (HKLM-x32\...\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}) (Version: 0.2.4.2 - The Within Network, LLC)
UxStyle (Version: 0.2.4.2 - The Within Network, LLC) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version: - Kristjan Skutta)
Warframe (HKLM-x32\...\{B7D2D69F-71F8-4E4C-BAB6-AB7DAB4D5BA2}) (Version: 1.0.0 - Digital Extremes)
Web Proxy Checker (HKLM-x32\...\Web Proxy Checker_is1) (Version: - )
Windows Store Gift Card Promo (HKLM-x32\...\{9ED9AFAD-5EB3-456C-B76C-5C32D9AD6DD0}) (Version: 1.0.0.1 - Microsoft Corporation)
Yaiba Ninja Gaiden Z (HKLM-x32\...\Yaiba Ninja Gaiden Z_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9B6A84E15DCE}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10D5280A-5F11-455E-A860-2888E999F9FC} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {1EA58F22-2F07-4183-8928-F1F44F985343} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {27C73FDD-F517-4C61-A162-7D704B7DBC17} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {29E17280-5E0A-4BCD-BA0B-9A5734EC1C49} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {32C6DE9D-8BBE-45A5-9455-625286C14422} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {46EA63E5-328A-462F-AC69-F4111311B966} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {5BBCF554-AC39-426F-B09E-8A61ED9F4335} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {64E16CAC-BD71-4785-9458-7D211A0BE835} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {67443416-EDAD-4F4B-8F1F-A3D715C59EEB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {74255643-B9B7-4845-9CB4-1C197543F425} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {7B6F5F7A-A695-4366-AA59-3991F4C1BDBA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {935D2637-67AF-4EC6-8A4E-8BE632633DE5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {9FA10931-DCEA-4865-89D9-F9CA96F188E0} - System32\Tasks\update-S-1-5-21-2044647893-1413394519-1903141041-1003 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {B5B95720-DE37-44DC-B4BF-60BBB762750E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-15] (Google Inc.)
Task: {BB1EF72B-692D-4CE9-A3E3-81068C6460D1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {D94EAA53-9461-4E6B-A0D2-3A77DCF385B6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {EF830D6F-A809-4C74-BCB3-733071E66F46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-15] (Google Inc.)
Task: {F6058C9C-91AC-429A-B22C-321EAB28D990} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2044647893-1413394519-1903141041-1003.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\andyh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\andyh\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
 
==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-16 22:16 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-11 06:13 - 2016-09-25 11:36 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 18:20 - 2016-09-24 18:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-01-10 18:12 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-23 14:50 - 2017-01-23 14:51 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 14:50 - 2017-01-23 14:51 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 14:50 - 2017-01-23 14:51 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-15 21:52 - 2016-12-15 21:53 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-01 09:00 - 2017-01-01 09:00 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00173568 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2017-02-01 18:37 - 2017-02-02 13:09 - 00894464 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
2017-02-01 18:27 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-01 18:27 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-01 18:27 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-19 19:15 - 2017-01-19 19:15 - 01448936 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
2017-02-01 18:26 - 2017-01-25 02:29 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\libglesv2.dll
2017-02-01 18:26 - 2017-01-25 02:29 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\libegl.dll
2016-12-16 22:16 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-16 22:15 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:13 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:12 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:12 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:12 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 18:12 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:12 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-27 12:44 - 2017-01-27 12:44 - 04649976 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClient.exe
2017-01-27 12:44 - 2017-01-27 12:44 - 03532280 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUx.exe
2017-01-27 12:44 - 2017-01-27 12:44 - 03532280 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUxHelper.exe
2017-01-11 17:55 - 2017-01-11 17:55 - 31167576 _____ () C:\Users\andyh\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2016-12-11 06:14 - 2017-01-20 13:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-11 16:20 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\andyh\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 16:29 - 2017-01-11 16:29 - 01082880 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 16:29 - 2017-01-11 16:29 - 03750400 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 16:29 - 2017-01-11 16:29 - 00914432 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 16:29 - 2017-01-11 16:29 - 01127424 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-09-14 12:51 - 2016-12-28 06:41 - 08924872 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-11 16:20 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\andyh\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 16:20 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\andyh\AppData\Local\Discord\app-0.0.297\libegl.dll
2016-12-15 21:51 - 2016-12-23 13:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-15 21:51 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-15 21:51 - 2017-01-18 20:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-15 21:51 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-15 21:51 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-15 21:51 - 2017-01-18 20:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-15 21:51 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-02-01 19:05 - 2017-02-01 19:05 - 00148992 _____ () \\?\C:\Users\andyh\AppData\Local\Temp\C0B0.tmp.node
2017-01-11 16:29 - 2017-01-11 16:29 - 02658304 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 16:29 - 2017-01-11 16:29 - 02130432 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-12-15 21:52 - 2017-01-04 22:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-06 00:15 - 2016-04-06 00:15 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-12-16 22:51 - 2017-01-20 08:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-16 22:51 - 2017-01-20 08:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-15 21:51 - 2015-09-24 18:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libcef.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\ortp.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libEGL.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libGLESv2.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libglesv2.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libegl.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\ffmpegsumo.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 03337216 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 01046016 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 02525696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2017-01-27 12:44 - 2016-12-15 22:10 - 00583680 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-account-settings\rcp-be-lol-account-settings.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00582144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00729600 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2017-01-27 12:44 - 2017-01-26 12:05 - 00641536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00563200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00707584 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00866304 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00934400 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2017-01-27 12:44 - 2017-01-27 12:44 - 00688640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00663040 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00630784 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 02492416 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2017-01-27 12:44 - 2017-01-27 12:44 - 00159224 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\libexpat.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 02015232 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00559616 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00582144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00578048 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00606720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00564224 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 01127936 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00955904 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00557056 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 01033728 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00685568 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 01559552 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00856064 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 01189888 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00666112 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00813568 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00538624 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2017-01-27 12:44 - 2016-12-15 22:10 - 00552960 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00624128 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00820224 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2017-01-27 12:44 - 2016-12-15 22:10 - 00585728 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00607744 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-kudos\rcp-be-lol-kudos.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00663040 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00882176 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00674304 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00679936 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00668160 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00594944 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00611840 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00737280 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00707584 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00850944 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 01704448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00649216 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00779264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00579072 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00697856 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2017-01-27 12:44 - 2017-01-24 12:43 - 00571392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00547328 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2017-01-27 12:44 - 2017-01-25 12:08 - 00624640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00607744 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2017-01-27 12:44 - 2016-12-15 22:17 - 00549888 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2017-01-27 12:44 - 2016-12-15 22:10 - 55617504 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\libcef.dll
2017-01-27 12:44 - 2016-12-15 22:10 - 01876448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\libglesv2.dll
2017-01-27 12:44 - 2016-12-15 22:10 - 00021984 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\libegl.dll
2016-06-01 09:17 - 2016-06-01 09:17 - 00144832 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 02632640 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 02231744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00598976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00334784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 01265600 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00242624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00298944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 02680768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00370112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00121792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 14929344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00789952 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00038848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00746432 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00125888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00065472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00031168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00029120 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00037824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2016-06-01 09:19 - 2016-06-01 09:19 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 09:18 - 2016-06-01 09:18 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\andyh:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2016-12-18 18:29 - 00001030 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{B5E41121-3C8D-4DBA-A3C7-D736863480DD}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0368E985-3E65-4834-BA39-11B059974A5C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F9CF9CCB-BC5B-4FED-BC5B-B389270EC57C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B7073950-3FD6-4405-BC32-8E136EDC5398}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{68220AB6-D79B-49CE-B36D-71F45D727B79}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{36BFFF5F-4142-4AF6-ACD2-700B215B4634}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{FFD5386F-5DDB-4380-A066-5639D27C89B4}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{1ABFB9F7-0062-4296-83BA-86809A7B8F04}] => C:\Users\andyh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{44B7087C-9FC4-466B-907A-CAD1B125C113}] => C:\Users\andyh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{37B00A05-FBC6-49AC-8094-1E14DCC0A812}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{070EDB17-79ED-4BBA-AABC-20719C6BEABA}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{20254514-7205-44A9-B33F-74D620EF5758}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{706B95B3-9C1F-48FF-AFBD-C982F8A27250}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{F9FB7B0F-7750-4D0C-927D-F2A34F44749E}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{177D422B-CC24-4640-8D12-17445DC79465}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9EA4730B-7476-485B-86D6-4DB00DAA1883}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{780A90EE-20FF-4062-A14F-3C948423C891}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{62B5B019-8C43-441D-B1E5-032FAA0A48CF}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{E11A9128-0DBB-418C-B4FE-6FB89BD9338A}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{5927F4C8-005B-4E00-95A7-5C7B99EBEA2A}] => C:\Users\andyh\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{5DF66CC2-D2D4-4FA1-8B14-8A1C219A6A49}] => C:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{B4A48E13-1D5A-4610-BDA0-4FB45F54AD7D}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{DCF343C7-DF39-465F-8E6A-FA8F21B365B7}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{41094D18-E185-4939-89BD-06ACC472B402}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{740FB369-6481-4BA8-96E9-C695630842FD}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BC743DD8-540D-410C-821A-785F7E371BC0}] => C:\Users\andyh\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{24EEA070-3BB8-479A-B8C1-2332C311C0FA}] => C:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{72372AC3-7A19-48F4-9783-14EE9ECC6EEF}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E6F05660-2A9A-4D40-AC0E-6AD24281DDE5}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B96098E3-4E24-439A-A14E-DA6C8BE0922B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B11CF3E5-A841-411F-88E8-F24FD66437B0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{64D404D7-710B-4397-8F85-168FBB08ADDA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF73A097-5FDB-4949-9760-E583BA065A79}] => C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{DDBC33B2-2EA8-45C8-A855-4B2EEF884D59}] => C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [TCP Query User{699AE589-1D46-4C12-95AF-A1088116B7BD}C:\games\saints row iv nosteam\saintsrowiv.exe] => C:\games\saints row iv nosteam\saintsrowiv.exe
FirewallRules: [UDP Query User{B1C329AF-BC32-4503-8226-8784B07AC978}C:\games\saints row iv nosteam\saintsrowiv.exe] => C:\games\saints row iv nosteam\saintsrowiv.exe
FirewallRules: [TCP Query User{D0FEA4BB-1AD1-4C22-9A89-84824599ED81}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{E1AD6D84-9DD3-49CA-9239-D57D55CA4E31}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{9F651195-11F7-4BC4-BF4B-F126053B482C}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7EA35370-7073-4391-9997-271E061DC64E}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F33BF1CF-1A30-45FE-A309-29BFD10068FC}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{A18B69A3-328B-4F64-A01D-83B30FF92E75}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{3463BC8C-9814-42A6-B94A-F7CEC6B07EEE}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{A9E4E40C-7FC9-4691-B7F0-1BDFE35236B1}] => C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{96C6AC5B-53F2-42DB-BB22-15422C00F539}] => C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{0512BE48-B49A-422A-9462-804F2D6EB3F5}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{08782536-9C86-4EEC-9DEF-C5965599AB8A}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{DD83E231-0BEB-4FCC-9110-623DDB0151AA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9F90F572-CF5F-4E6F-A3B2-C08B1E8B65AE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{747EDD6E-3347-4FEF-8A9D-AB7976B31AF4}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{89A231F2-AAED-4901-B96F-A4D9EB5FE2A4}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{93EBB115-B4D3-49E4-B57E-AD03B3D81266}C:\games\quantum break\dx11\quantumbreak.exe] => C:\games\quantum break\dx11\quantumbreak.exe
FirewallRules: [UDP Query User{B6623502-8C16-49E0-A2BB-BE107042869E}C:\games\quantum break\dx11\quantumbreak.exe] => C:\games\quantum break\dx11\quantumbreak.exe
FirewallRules: [{F4265AE5-4F8B-4139-83FD-F8DD78B2D444}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [{5432CB50-5E92-445C-BB55-F2520C7852B8}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [{91CBE98D-63A7-4925-9405-A5F6E84C7B0B}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [{3399E501-F73B-45D5-B425-43E1FFFBDA92}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [TCP Query User{314F3247-8EFE-4952-B612-17B431F220E4}C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{7541D21C-BC97-4D3C-880C-2B0AD0879EB4}C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{E7F5A73B-C0DF-43E1-8847-D60E7F24133F}C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe] => C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe
FirewallRules: [UDP Query User{ADC94DB4-1586-4CA7-93DB-B7BFA0CF7A03}C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe] => C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{683FDB92-3D9D-452E-ACD2-3587626CFB94}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{7C5C9E8A-694B-477C-BBD3-DC33319E2712}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{C353F3AD-8516-4A11-9D2B-A598D2EF02FB}] => C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{D0FF0F13-5A49-4DC8-A31E-A0102AEF96C8}] => C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{AEF943CA-1D25-4430-AD93-FDCFA3F64A06}] => C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{9FAA4F12-2A18-4573-81ED-D5A9D6AEAF4B}] => C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{221B8090-78D3-4CCB-A176-37592C480FE9}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{59F7B6F0-D945-42EA-9B03-87FADF9BDBAF}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{A2FCDBAB-7AEC-4803-8BB4-B04A4A8205E3}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{581C8C85-D927-4D70-AB5E-DE41EBAA3928}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{6209EC1F-0641-452D-B232-6BF3991419BE}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{2A34334E-54B9-4D35-9D9E-C5C4DACA6DB7}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{3FD565B2-292A-4A82-AB0B-6A8CB63D66FF}] => C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{857BDF5D-4F48-4F4A-946E-6E6529BA0A0D}] => C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{31454C12-13C8-4C9C-89FF-50F77A5A0F48}] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{C09433A1-33A4-42B6-9851-4755090104A3}] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{99375298-5E08-4487-B2CA-C1DCDEA0C05F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F0DEED43-BAAE-43BA-94A5-7C02A53A6A31}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DEA1E158-5F70-4879-ACED-B8C79E735769}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe

==================== Restore Points =========================

22-01-2017 20:48:19 Scheduled Checkpoint
31-01-2017 20:56:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2017 06:57:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: WASSUPMUHHOMEEG)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy3

Error: (02/02/2017 05:45:27 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: WASSUPMUHHOMEEG)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy3

Error: (02/02/2017 05:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 18.0.0.53, time stamp: 0x57fde9fd
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc000041d
Fault offset: 0x000000000003f5ee
Faulting process id: 0x3788
Faulting application start time: 0x01d27da13dd3dbd9
Faulting application path: C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 87f3d030-1b64-4ed5-88a5-544173770b03
Faulting package full name:
Faulting package-relative application ID:

Error: (02/02/2017 05:12:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 18.0.0.53, time stamp: 0x57fde9fd
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000003f5ee
Faulting process id: 0x3788
Faulting application start time: 0x01d27da13dd3dbd9
Faulting application path: C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: a897488a-bb2f-46f3-9ec9-0e72fde3143a
Faulting package full name:
Faulting package-relative application ID:

Error: (02/02/2017 05:04:45 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\BGRnd.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2017 05:04:44 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\UMI.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2017 05:04:44 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\ResDebugU.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2017 05:04:44 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\RM.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2017 05:04:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

Error: (02/02/2017 05:04:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\PinnacleStudio.EXE".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/02/2017 05:12:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/02/2017 01:24:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/02/2017 12:05:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:05:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:05:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:05:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:05:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wallpaper Engine Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/01/2017 07:05:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:04:14 PM on ‎2/‎1/‎2017 was unexpected.

Error: (02/01/2017 06:24:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 06:24:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2016-12-18 17:52:28.064
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvqu.inf_amd64_c757f34d59e1f5d4\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-17 09:45:53.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvqu.inf_amd64_c757f34d59e1f5d4\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 16101.26 MB
Available physical RAM: 9545.81 MB
Total Virtual: 18533.26 MB
Available Virtual: 8925.15 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.53 GB) (Free:143.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 5608EA13)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
For Malwarebytes, I couldn't find a log and only found reports (not a .txt log file), so here are the logs from Junkware Removal Tool and, after that, RogueKiller, but not AdwCleaner because of lack of time and things to finish up. Also, for RogueKiller I did the default free non-customizable scan, opened the report and got rk_EC6F.txt; not quite what you wanted, but it should work, and nothing was on my desktop.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by andyh (Administrator) on Fri 02/03/2017 at 0:19:00.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\end (File)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\andyh\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-2044647893-1413394519-1903141041-1003 (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-2044647893-1413394519-1903141041-1003.job (Task)
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D825E1D-057D-4728-8F64-0608FB9D5669} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/03/2017 at 0:21:12.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : andyh [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/03/2017 00:22:51 (Duration : 00:17:53)

¤¤¤ Processes : 2 ¤¤¤
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] Service_KMS.exe(2304) -- C:\Program Files\KMSpico\Service_KMS.exe[-] -> Killed [TermProc]
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] (SVC) Service KMSELDI -- C:\Program Files\KMSpico\Service_KMS.exe[-] -> ERROR [6d]

¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\RunBooster -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\IM -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Windows\CurrentVersion\Run | ITHsoft : C:\Users\andyh\AppData\Local\ITHsoft\7fa796f5a1ed27c008d0b7326bde59bb.exe [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Windows\CurrentVersion\Run | Akworks : C:\Windows\SysWOW64\regsvr32.exe C:\Users\andyh\AppData\Local\ITHsoft\qljbagmd.dll [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Windows\CurrentVersion\Run | ITHsoft : C:\Users\andyh\AppData\Local\ITHsoft\7fa796f5a1ed27c008d0b7326bde59bb.exe [x] -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Windows\CurrentVersion\Run | Akworks : C:\Windows\SysWOW64\regsvr32.exe C:\Users\andyh\AppData\Local\ITHsoft\qljbagmd.dll [x] -> ERROR [2]
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a58be5c7-7641-416d-8d26-bad6e3723d22} | DhcpNameServer : 10.0.1.1 10.0.1.3 ([][]) -> Replaced ()

¤¤¤ Tasks : 2 ¤¤¤
[PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deleted
[Suspicious.Path] \OneDrive Standalone Update Task -- C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe -> Deleted

¤¤¤ Files : 7 ¤¤¤
[PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Deleted
[Tr.Gen0][File] C:\Users\andyh\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Not selected
[Tr.Gen0][File] C:\Users\andyh\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Not selected
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\scripts\Log.cmd -> Deleted
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\UninsHs.exe /u0=KMSpico -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\installAll.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Access -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Excel -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Groove -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd -> Deleted
 
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\proplus.reg -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Publisher -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Standard -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\visio.reg -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013\Word -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2013 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Access -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-bridge-office.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-root-bridge-test.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-root.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-stil.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Excel -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Mondo -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\OneNote -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Outlook -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\pkeyconfig-office.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Publisher -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Standard -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ppd.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016\Word -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2016 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Core -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Education\Education-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Education\Education-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Education -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-2-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-2-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW10\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10\Professional -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW10 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6\Business -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW6\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW6 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\pkeyconfig-embedded.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-VLBA-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-VLBA-ul.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7\Embedded -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-pl.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7\Professional -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW7 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Core -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreN\CoreN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreN\CoreN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\CoreN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage\CoreSingleLanguage-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage\CoreSingleLanguage-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\plugin-manifests-signed -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\addons\APPXLOB-Client -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\addons\OCUR -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\addons -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\issuance -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\legacy -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\pkeyconfig -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\ppdlic -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\rules -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\skus\csvlk-pack -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\skus\Enterprise -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens\skus -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\tokens -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN\EnterpriseN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN\EnterpriseN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\Professional -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN\ProfessionalN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN\ProfessionalN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW8 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\Core -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\EmbeddedIndustry-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\EmbeddedIndustry-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\Professional -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\ServerDatacenter-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\ServerDatacenter-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard\ServerStandard-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard\ServerStandard-Volume-GVLK-1-ul-rtm.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscertW81 -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\Cert.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\certELDI.pfx -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\OpenVPN.cer -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\tap-windows-9.21.0.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\driver\UnInstallDriver.cmd -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\driver -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Error.png -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Information.png -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Question.png -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\icons\Warning.png -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\icons -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\logs\AutoPico.log -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\logs\KMSELDI.log -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\logs\Service_KMS.log -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\logs -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\AddExceptionsWD.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\AddExceptions_Defender.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\DisableSmartScreen.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\EnableSmartScreen.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\EnableSmartScreen.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Install_Service.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Install_Task.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Log.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\RemoveExceptionsWD.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Restore_Watermark.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\Silent.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\scripts -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\Service_KMS.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\affirmative.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\begin.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\complete.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\diagnostic.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\enterauthorizationcode.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\incomingtransmission.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\inputfailed.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\inputok.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\processing.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\transfer.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\verified.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\warning.mp3 -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\sounds -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Keys.txt -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\cache\cache.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows\cache -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\data.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\tokens.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\unins000.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\unins000.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\UninsHs.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\Vestris.ResourceLib.dll -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\x64 -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\x86 -> Deleted
[PUP.HackTool][Folder] C:\Program Files (x86)\KMSPico -> Deleted
[PUP.HackTool][File] C:\Program Files (x86)\KMSPico\7fa796f5a1ed27c008d0b7326bde59bb.exe -> Deleted
[PUP.HackTool][File] C:\Program Files (x86)\KMSPico\bat\jaykms.bat -> Deleted
[PUP.HackTool][Folder] C:\Program Files (x86)\KMSPico\bat -> Deleted
[PUP.HackTool][File] C:\Program Files (x86)\KMSPico\best erning installers\KMSpico_patch-177868385.exe -> Deleted
[PUP.HackTool][File] C:\Program Files (x86)\KMSPico\best erning installers\Registrypatch.exe -> Deleted
[PUP.HackTool][Folder] C:\Program Files (x86)\KMSPico\best erning installers -> Deleted
[PUP.HackTool][File] C:\Program Files (x86)\KMSPico\jaykms.bat -> Deleted
[PUP.HackTool][File] C:\Program Files (x86)\KMSPico\{D57AA9CA-1EAE-D97C-C069-281E64FE23FC} -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www-searching.com/?pid=s&s=H...112d-4443-922f-c2a421047b5c,&vp=ch&prd=set_ch] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SUV400S37480G +++++
--- User ---
[MBR] 385d627bf261e71699bbc1871011efcd
[BSP] fb2ce25a7d92dabad9a22fa5e2183e35 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 457245 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 936677376 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK
 
And here's the short AdwCleaner log. While restarting, it did get stuck, so I had to force a shutdown by holding down the power button, as the laptop has a battery that I have to unscrew in order to remove.


# AdwCleaner v6.043 - Logfile created 03/02/2017 at 20:26:27
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : andyh - WASSUPMUHHOMEEG
# Running from : C:\Users\andyh\Downloads\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Windows\SysWoW64\sstmp


***** [ Files ] *****

[-] File deleted: C:\Users\andyh\AppData\Roaming\Installer.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www-searching.com/?pid=s&s=H21ztrmbl10BU,3aa22739-112d-4443-922f-c2a421047b5c,&vp=ch&prd=set_ch


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1061 Bytes] - [03/02/2017 20:26:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1355 Bytes] - [03/02/2017 20:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1207 Bytes] ##########
 
While re-installing Malwarebytes I got an error where the mbae64.sys couldn't be edited even though I ran as admin, so I had to ignore it. I'm also assuming MBAM is Malwarebytes because only that starts with M. No threats were found or quarantined.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/4/17
Scan Time: 10:41 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1179
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: WASSUPMUHHOMEEG\andyh

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419266
Time Elapsed: 3 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by andyh (administrator) on WASSUPMUHHOMEEG (04-02-2017 19:14:58)
Running from C:\Users\andyh\Downloads
Loaded Profiles: andyh (Available Profiles: defaultuser0 & andyh)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hammer & Chisel, Inc.) C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(LastPass) C:\Program Files (x86)\LastPass\lastapp_x64.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5378\Agent.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16687104 2016-08-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [695080 2015-09-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [LastApp] => C:\Program Files (x86)\LastPass\lastapp_x64.exe [20295760 2016-06-23] (LastPass)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [Discord] => C:\Users\andyh\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe [894464 2017-02-02] ()
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
Startup: C:\Users\andyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-02-01]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7e747c63-fafe-4b9e-b460-810d9cd488e0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Adblock Plus) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-01]
CHR Extension: (Black red shards) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2017-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01]
CHR Extension: (Video Cutter) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodkcjollmmjidmcnhloaoahmciabnai [2017-02-01]
CHR Extension: (Click&Clean App) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-02-01]
CHR Extension: (Chrome Media Router) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR Extension: (Audio Cutter) - C:\Users\andyh\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2017-02-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cphs; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-25] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-04-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 UnsignedThemes; C:\Windows\unsignedthemes.exe [22184 2015-03-01] (The Within Network, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S0 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253184 2016-12-12] (Intel Corporation)
R3 igfx; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-04] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvqu.inf_amd64_c757f34d59e1f5d4\nvlddmkm.sys [13853248 2016-10-12] (NVIDIA Corporation)
S0 nvme; C:\Windows\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics Co., Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S0 ocznvme; C:\Windows\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
S0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [777944 2016-04-07] (Realsil Semiconductor Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R2 uxstyle; C:\Windows\system32\Drivers\elytsxu.sys [32424 2015-03-01] (The Within Network, LLC)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 nbeknfgh; \??\C:\Windows\system32\drivers\nbeknfgh.sys [X]
S1 puamcozs; \??\C:\Windows\system32\drivers\puamcozs.sys [X]
S1 rtrilbvb; \??\C:\Windows\system32\drivers\rtrilbvb.sys [X]
S1 vbljrmwu; \??\C:\Windows\system32\drivers\vbljrmwu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 19:14 - 2017-02-04 19:15 - 00023239 _____ C:\Users\andyh\Downloads\FRST.txt
2017-02-04 19:14 - 2017-02-04 19:14 - 02420736 _____ (Farbar) C:\Users\andyh\Downloads\FRST64.exe
2017-02-04 12:26 - 2017-02-04 12:26 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\Ocelot Society
2017-02-04 10:40 - 2017-02-04 10:40 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-03 20:15 - 2017-02-03 20:42 - 00000000 ____D C:\AdwCleaner
2017-02-03 16:21 - 2017-02-03 16:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsignc253c54115dea1d7
2017-02-03 16:21 - 2017-02-03 16:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign71269e6d44a148b0
2017-02-03 16:21 - 2017-02-03 16:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign64bb78cf04463499
2017-02-03 16:21 - 2017-02-03 16:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign62f7056c1a26ac99
2017-02-03 16:21 - 2017-02-03 16:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign1b9ece77b80a1156
2017-02-03 00:35 - 2017-02-03 00:35 - 00001783 _____ C:\Users\andyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wallpaper64.lnk
2017-02-03 00:11 - 2017-02-03 00:11 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-03 00:09 - 2017-02-03 00:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-02 20:39 - 2017-02-04 19:14 - 00000000 ____D C:\FRST
2017-02-02 17:12 - 2017-02-02 17:12 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign5d8e409d5df122be
2017-02-02 17:11 - 2017-02-02 17:11 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsignf68f30b6a9e70a96
2017-02-02 17:11 - 2017-02-02 17:11 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsignbe44eb4473d1f44f
2017-02-02 17:11 - 2017-02-02 17:11 - 00000000 ____D C:\Users\andyh\AppData\Local\Tempzxpsign4f60a385873a95a5
2017-02-02 17:01 - 2017-02-02 17:01 - 00001660 _____ C:\Users\Public\Desktop\Event[0].lnk
2017-02-02 17:01 - 2017-02-02 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Event[0] [GOG.com]
2017-02-02 16:57 - 2017-02-02 16:57 - 00000000 ____D C:\GOG Games
2017-02-02 16:30 - 2013-10-22 02:47 - 1025988608 _____ C:\Users\andyh\Desktop\The Stanley Parable.iso
2017-02-02 16:08 - 2017-02-02 16:08 - 00000000 ____D C:\Users\andyh\AppData\Local\Mega Limited
2017-02-02 16:06 - 2017-02-02 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-02-02 15:59 - 2017-02-02 17:31 - 00000000 ____D C:\Users\andyh\Documents\Heroes of the Storm
2017-02-02 15:59 - 2017-02-02 17:31 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-02 11:55 - 2017-02-02 14:49 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Citra
2017-02-01 20:00 - 2017-02-01 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
2017-02-01 20:00 - 2017-02-01 20:00 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2017-02-01 19:08 - 2017-02-01 19:08 - 00003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-01 19:08 - 2017-02-01 19:08 - 00000000 ____D C:\ProgramData\Mr Blade Designs
2017-02-01 19:06 - 2017-02-01 19:35 - 00000000 ____D C:\Program Files (x86)\GOAT
2017-02-01 19:05 - 2017-02-01 19:05 - 00000000 ____D C:\Users\andyh\AppData\Local\VirtualStore
2017-02-01 19:01 - 2017-02-01 19:01 - 00000000 ____D C:\Windows\LastGood
2017-02-01 18:59 - 2017-02-01 18:59 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2017-02-01 18:59 - 2017-02-01 18:59 - 00000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2017-02-01 18:59 - 2016-07-16 06:42 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup
2017-02-01 18:59 - 2016-07-16 06:42 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup
2017-02-01 18:59 - 2016-07-16 06:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\uxinit.dll.backup
2017-02-01 18:41 - 2017-02-01 18:41 - 00001754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-02-01 17:46 - 2017-02-01 17:55 - 00000000 ____D C:\Windows\system32\SSL
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Windows\system32\sstmp
2017-02-01 17:20 - 2017-02-01 18:41 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Rainmeter
2017-02-01 17:20 - 2017-02-01 17:20 - 00000000 ____D C:\Users\andyh\Documents\Rainmeter
2017-02-01 17:18 - 2017-02-01 18:41 - 00000000 ____D C:\Program Files\Rainmeter
2017-02-01 17:14 - 2017-02-01 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkinPack
2017-02-01 17:14 - 2017-02-01 17:14 - 00000000 ___HD C:\W7P_Backups
2017-01-31 23:53 - 2017-01-31 23:53 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\DefaultCompany
2017-01-31 23:49 - 2017-01-31 23:49 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\ryoposo
2017-01-31 23:46 - 2017-01-31 23:46 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\Re_Zero
2017-01-31 22:16 - 2017-01-31 23:17 - 00000000 ____D C:\Users\andyh\AppData\Roaming\TeamViewer
2017-01-29 01:26 - 2017-01-29 01:26 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-01-29 01:26 - 2017-01-29 01:26 - 00000000 ____D C:\Users\andyh\AppData\Local\Ndemic Creations
2017-01-29 01:26 - 2017-01-29 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plague Inc Evolved Shadow Plague
2017-01-28 19:01 - 2017-02-01 21:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-01-28 19:01 - 2017-01-20 13:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-01-28 19:01 - 2017-01-20 13:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-01-28 19:01 - 2017-01-20 13:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-01-26 00:21 - 2017-01-26 00:21 - 00011482 _____ C:\Users\andyh\Documents\Undertale_-_100_MEGALOVANIA.mid
2017-01-25 23:39 - 2017-01-25 23:40 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Synthesia
2017-01-25 23:36 - 2017-01-27 14:09 - 00001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia.lnk
2017-01-25 10:53 - 2017-01-25 10:53 - 00000000 ____D C:\Users\andyh\AppData\LocalLow\Oracle
2017-01-25 10:48 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 10:48 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-24 12:43 - 2017-01-24 12:43 - 00000000 ____D C:\Users\andyh\Documents\League of Legends
2017-01-23 22:17 - 2017-01-23 22:17 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-23 22:16 - 2017-02-04 17:35 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-23 22:16 - 2017-02-04 10:40 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-23 22:16 - 2017-02-04 10:40 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-23 22:16 - 2017-02-04 10:40 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-23 22:16 - 2017-02-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-23 22:16 - 2017-01-23 22:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-23 22:16 - 2017-01-23 22:16 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-23 22:16 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-23 00:55 - 2017-01-23 22:33 - 00000000 ____D C:\Users\andyh\temp
2017-01-23 00:55 - 2017-01-23 22:23 - 00000000 ____D C:\Users\andyh\AppData\Local\Pinnacle
2017-01-23 00:55 - 2017-01-23 00:55 - 00000000 ____D C:\Users\Public\Documents\Triple Scoop Music
2017-01-23 00:55 - 2017-01-23 00:55 - 00000000 ____D C:\Users\andyh\Documents\InstantCDDVD
2017-01-23 00:55 - 2017-01-23 00:55 - 00000000 ____D C:\ProgramData\Corel
2017-01-23 00:54 - 2017-01-23 22:32 - 00000000 ____D C:\Users\andyh\AppData\Local\Pinnacle_Studio_20
2017-01-23 00:54 - 2017-01-23 00:54 - 00000199 _____ C:\Users\andyh\AppData\Roaming\WASSUPMUHHOMEEG.MTBF.txt
2017-01-23 00:54 - 2017-01-23 00:54 - 00000000 ____D C:\Users\andyh\Documents\Pinnacle
2017-01-23 00:47 - 2017-02-01 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 20
2017-01-23 00:46 - 2017-01-23 22:28 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2017-01-23 00:46 - 2017-01-23 00:46 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2017-01-23 00:46 - 2017-01-23 00:46 - 00000000 ____D C:\Program Files (x86)\Pinnacle
2017-01-23 00:45 - 2017-01-23 00:47 - 00000000 ____D C:\ProgramData\Pinnacle
2017-01-22 22:53 - 2017-01-22 22:53 - 00000000 ____D C:\ProgramData\UniqueId
2017-01-22 22:53 - 2017-01-22 22:53 - 00000000 ____D C:\ProgramData\Pinnacle Log Files
2017-01-16 21:45 - 2017-01-16 21:45 - 00000000 ____D C:\Users\andyh\AppData\Roaming\UBot Studio
2017-01-16 21:38 - 2017-01-16 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opt-In Software
2017-01-14 09:46 - 2017-01-14 09:47 - 00000000 ____D C:\Users\andyh\AppData\Roaming\FiraxisLive
2017-01-14 09:46 - 2017-01-14 09:46 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Steam
2017-01-14 09:22 - 2017-01-14 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XCOM 2
2017-01-13 10:04 - 2017-01-13 10:04 - 00000000 ____D C:\Users\andyh\Documents\CPY_SAVES
2017-01-13 10:00 - 2017-01-13 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid
2017-01-13 03:27 - 2017-01-13 03:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-13 01:09 - 2017-01-13 16:14 - 00000000 ____D C:\Users\andyh\AppData\Local\PAYDAY 2
2017-01-13 00:45 - 2017-01-13 00:45 - 00000000 ____D C:\Program Files (x86)\505 Games
2017-01-13 00:33 - 2017-01-13 00:33 - 00000000 ____D C:\Users\andyh\Documents\EVE
2017-01-13 00:28 - 2017-01-13 00:28 - 00000000 ____D C:\Users\andyh\AppData\Local\CCP
2017-01-13 00:28 - 2017-01-13 00:28 - 00000000 ____D C:\Users\andyh\.QtWebEngineProcess
2017-01-13 00:28 - 2017-01-13 00:28 - 00000000 ____D C:\Users\andyh\.EVE
2017-01-12 00:01 - 2017-01-13 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disgaea PC
2017-01-10 18:13 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-10 18:13 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-10 18:13 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-10 18:13 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-10 18:13 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-10 18:13 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-10 18:13 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-10 18:13 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-10 18:13 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-10 18:13 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-10 18:13 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-10 18:13 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-10 18:13 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-10 18:13 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-10 18:13 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-10 18:13 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-10 18:13 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-10 18:13 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-10 18:13 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-10 18:13 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-10 18:13 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-10 18:13 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-10 18:13 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-10 18:13 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-10 18:13 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-10 18:13 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 18:13 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-10 18:13 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-10 18:13 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 18:13 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-10 18:13 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 18:13 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 18:13 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-10 18:13 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-10 18:13 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 18:13 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-10 18:13 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-10 18:13 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-10 18:13 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-10 18:13 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-10 18:13 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-10 18:13 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 18:13 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-10 18:13 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-10 18:13 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-10 18:13 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-10 18:13 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-10 18:13 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-10 18:13 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 18:13 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-10 18:13 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-10 18:13 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-10 18:13 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-10 18:13 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-10 18:13 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 18:13 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 18:13 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-10 18:13 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-10 18:13 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-10 18:13 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-10 18:13 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-10 18:13 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 18:13 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 18:13 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-10 18:13 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-10 18:13 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 18:13 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-10 18:13 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-10 18:13 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 18:13 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-10 18:13 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-10 18:13 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-10 18:13 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-10 18:13 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-10 18:13 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-10 18:13 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-10 18:13 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-10 18:13 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:13 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-10 18:12 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-10 18:12 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-10 18:12 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-10 18:12 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-10 18:12 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-10 18:12 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-10 18:12 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-10 18:12 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-10 18:12 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-10 18:12 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-10 18:12 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 18:12 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-10 18:12 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-10 18:12 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-10 18:12 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-10 18:12 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-10 18:12 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-10 18:12 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-10 18:12 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-10 18:12 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-10 18:12 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 18:12 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-10 18:12 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-10 18:12 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-10 18:12 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 18:12 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-10 18:12 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-10 18:12 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:12 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-10 18:12 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-10 18:12 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-10 18:12 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-10 18:12 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-10 18:12 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-10 18:12 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-10 18:12 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-10 18:12 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-10 18:12 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-10 18:12 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-10 18:12 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-10 18:12 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-10 18:12 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-10 18:12 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-10 18:12 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-10 18:12 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-10 18:12 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 18:12 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-10 18:12 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-10 18:12 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-10 18:12 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-10 18:12 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-10 18:12 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:12 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-10 18:12 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-10 18:12 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-10 18:12 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-10 18:12 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:12 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-10 18:12 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-10 18:12 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-10 18:12 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-10 18:12 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-10 18:12 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-10 18:12 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-10 18:12 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-10 18:12 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-10 18:12 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-10 18:12 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-10 18:12 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-10 18:12 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-10 18:12 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 18:12 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-10 18:12 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-10 18:12 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-10 18:12 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-09 16:45 - 2017-01-09 16:45 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Tera_Awesomium
2017-01-07 19:18 - 2017-01-09 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaiba Ninja Gaiden Z
2017-01-07 19:16 - 2017-01-07 19:16 - 00000000 ____D C:\Users\andyh\AppData\Roaming\DarkSoulsII
2017-01-07 19:13 - 2017-01-07 19:15 - 00000000 ____D C:\Program Files (x86)\Dark Souls 2
2017-01-07 18:08 - 2017-01-07 19:15 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2.lnk
2017-01-07 18:04 - 2017-01-07 21:21 - 00000000 ____D C:\Users\andyh\AppData\Local\HyperLightDrifter
2017-01-07 18:03 - 2017-01-07 18:03 - 00000699 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper Light Drifter.lnk
2017-01-07 18:03 - 2017-01-07 18:03 - 00000000 ____D C:\Program Files\Hyper Light Drifter
2017-01-07 17:22 - 2017-01-07 17:22 - 00000000 ____D C:\Users\Public\Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 19:13 - 2016-12-15 22:01 - 00000000 ____D C:\Users\andyh\AppData\Local\Battle.net
2017-02-04 19:13 - 2016-12-15 21:23 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Skype
2017-02-04 18:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-04 17:25 - 2016-12-15 22:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-04 15:26 - 2016-08-31 14:00 - 01988308 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 15:24 - 2016-12-15 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-04 15:23 - 2016-12-16 23:07 - 00000000 ____D C:\Users\andyh\AppData\Local\CrashDumps
2017-02-04 15:23 - 2016-08-31 13:54 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-04 12:26 - 2016-12-15 22:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-03 21:51 - 2016-12-15 21:18 - 00000000 ____D C:\Users\andyh
2017-02-03 20:44 - 2016-12-11 06:15 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-03 20:42 - 2016-12-18 18:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Adobe
2017-02-03 20:42 - 2016-12-15 21:19 - 00000000 __SHD C:\Users\andyh\IntelGraphicsProfiles
2017-02-03 20:40 - 2016-08-31 13:54 - 00301728 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-03 20:40 - 2016-08-31 13:54 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 20:26 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-02-03 19:45 - 2016-12-16 15:43 - 00000000 ____D C:\Users\andyh\AppData\Roaming\obs-studio
2017-02-03 15:09 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-03 00:44 - 2016-12-19 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-02-02 20:46 - 2016-12-17 12:23 - 00000000 ____D C:\Users\andyh\AppData\Roaming\vlc
2017-02-02 17:30 - 2016-12-15 22:02 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-02-02 16:08 - 2016-12-16 15:32 - 00000000 ___RD C:\Users\andyh\Desktop\Games
2017-02-02 15:34 - 2016-12-15 21:24 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 14:54 - 2016-12-16 15:36 - 00000000 ____D C:\Users\andyh\AppData\Roaming\uTorrent
2017-02-01 22:24 - 2016-12-16 16:09 - 00000000 ___RD C:\Users\andyh\Desktop\Meme
2017-02-01 21:23 - 2016-12-18 09:41 - 00000000 ____D C:\Windows\SysWOW64\GPBAK
2017-02-01 21:23 - 2016-12-16 13:10 - 00000000 ____D C:\Users\defaultuser0
2017-02-01 21:23 - 2016-12-15 22:00 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Battle.net
2017-02-01 21:23 - 2016-12-11 06:12 - 00000000 ____D C:\Windows\SysWOW64\sda
2017-02-01 21:23 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\rescache
2017-02-01 21:23 - 2016-07-16 01:04 - 00000000 ____D C:\Windows\system32\Sysprep
2017-02-01 21:21 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\registration
2017-02-01 21:20 - 2016-12-15 21:23 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\SysWOW64\Licenses
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\spool
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-01 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\Licenses
2017-02-01 19:07 - 2016-12-15 21:19 - 00000000 ____D C:\Users\andyh\AppData\Local\Packages
2017-02-01 19:05 - 2016-12-15 21:38 - 00000000 ____D C:\Users\andyh\AppData\Roaming\discord
2017-02-01 19:02 - 2016-09-08 15:59 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-01 19:01 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-01 18:59 - 2016-07-16 06:42 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-02-01 18:59 - 2016-07-16 06:42 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2017-02-01 18:59 - 2016-07-16 06:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\uxinit.dll
2017-01-28 19:01 - 2016-12-16 22:51 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003884 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-16 22:51 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 19:01 - 2016-12-11 06:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-28 19:01 - 2016-12-11 06:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-28 19:01 - 2016-12-11 06:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-28 16:01 - 2016-12-15 21:21 - 00000000 ____D C:\Users\andyh\AppData\Local\Comms
2017-01-28 03:48 - 2016-12-18 14:15 - 00000000 ____D C:\Users\andyh\AppData\Local\ElevatedDiagnostics
2017-01-27 21:11 - 2016-12-16 22:51 - 00016683 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-27 19:24 - 2016-12-26 22:45 - 00000000 ____D C:\Users\andyh\AppData\Local\osu!
2017-01-25 14:28 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-25 11:03 - 2016-12-15 22:11 - 00000000 ____D C:\ProgramData\Oracle
2017-01-25 10:53 - 2016-12-15 22:11 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-25 10:53 - 2016-12-15 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-25 10:53 - 2016-12-15 22:11 - 00000000 ____D C:\Program Files\Java
2017-01-25 10:45 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-01-21 20:28 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-21 17:23 - 2016-12-16 15:32 - 00000000 ___RD C:\Users\andyh\Desktop\PIC Stuff
2017-01-20 13:39 - 2016-12-16 22:51 - 01872320 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 01464768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-01-20 13:39 - 2016-12-16 22:51 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-01-20 09:07 - 2016-12-16 22:51 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-20 08:36 - 2016-12-16 22:51 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-01-14 11:06 - 2016-12-26 19:55 - 00000000 ____D C:\Users\andyh\AppData\Roaming\.minecraft
2017-01-14 09:46 - 2016-12-16 20:21 - 00000000 ____D C:\Users\andyh\Documents\My Games
2017-01-13 09:45 - 2017-01-01 22:24 - 00000000 ____D C:\Program Files (x86)\Razer
2017-01-13 09:45 - 2016-08-31 13:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-13 07:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-13 03:28 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-13 03:27 - 2016-09-08 16:02 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-13 03:27 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-11 16:20 - 2016-12-15 21:38 - 00000000 ____D C:\Users\andyh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 16:20 - 2016-12-15 21:38 - 00000000 ____D C:\Users\andyh\AppData\Local\Discord
2017-01-11 00:08 - 2016-12-16 22:18 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 00:06 - 2016-12-16 22:18 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 16:56 - 2016-12-19 19:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-07 22:44 - 2016-12-16 20:00 - 00000000 ____D C:\Users\andyh\AppData\Local\Warframe
2017-01-07 18:04 - 2016-12-18 18:47 - 00000000 ____D C:\ProgramData\Steam

==================== Files in the root of some directories =======

2017-01-23 00:54 - 2017-01-23 00:54 - 0000199 _____ () C:\Users\andyh\AppData\Roaming\WASSUPMUHHOMEEG.MTBF.txt
2017-02-02 00:51 - 2017-02-02 00:51 - 0000003 _____ () C:\Users\andyh\AppData\Local\updater.log
2016-12-11 06:12 - 2016-12-11 06:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-16 22:51 - 2017-01-28 19:01 - 0007609 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-16 22:51 - 2017-01-27 21:11 - 0016683 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-03 00:10 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\andyh\AppData\Local\Temp\dllnt_dump.dll
2017-01-22 10:32 - 2017-01-22 10:32 - 0061440 _____ (The Gentee Group) C:\Users\andyh\AppData\Local\Temp\genteert.dll
2016-12-26 20:02 - 2016-12-26 20:02 - 0019968 _____ (Red Hat®, Inc.) C:\Users\andyh\AppData\Local\Temp\jansi-64-3953369057618738776.dll
2017-01-25 10:53 - 2017-01-25 10:53 - 0739904 _____ (Oracle Corporation) C:\Users\andyh\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-12-16 22:51 - 2016-12-12 18:30 - 0253376 _____ (NVIDIA Corporation) C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-12-16 22:51 - 2016-12-12 18:30 - 0334272 _____ (NVIDIA Corporation) C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-03 15:20

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by andyh (04-02-2017 19:15:26)
Running from C:\Users\andyh\Downloads
Windows 10 Home Version 1607 (X64) (2016-12-16 02:15:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2044647893-1413394519-1903141041-500 - Administrator - Disabled)
andyh (S-1-5-21-2044647893-1413394519-1903141041-1003 - Administrator - Enabled) => C:\Users\andyh
DefaultAccount (S-1-5-21-2044647893-1413394519-1903141041-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2044647893-1413394519-1903141041-1002 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2044647893-1413394519-1903141041-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.1111.113 - Alps Electric)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.3 - 2K Games)
Dark Souls 2 (HKLM-x32\...\RGFya1NvdWxzMg==_is1) (Version: 1 - )
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Discord (HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Event[0] (HKLM-x32\...\1976935743_is1) (Version: 2.3.0.4 - GOG.com)
GOAT (HKLM\...\GOAT) (Version: - neiio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hyper Light Drifter (HKLM\...\aHlwZXJsaWdodGRyaWZ0ZXI_is1) (Version: 1 - )
Intel(R) Chipset Device Software (x32 Version: 10.1.1.18 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.5.1192 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{09B8FFA4-5222-4271-8AA9-CDC98AD64863}) (Version: 18.1.1613.3274 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LastPass for Applications (HKLM-x32\...\LastApp) (Version: - LastPass)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Metal Gear Solid V The Phantom Pain version 1.0.0.5 (HKLM-x32\...\{6240B6DA-BB48-4A7D-8360-DAF32226D850}_is1) (Version: 1.0.0.5 - Konami Digital Entertainment)
Metal Gear Solid V: The Phantom Pain (HKLM-x32\...\{48397BFF-7C01-4B64-8F1A-0D468DDE5D73}_is1) (Version: - Kojima Productions)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 369.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{5e3eda34-9b4d-4c1e-be58-f793ebf88e53}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pinnacle Studio 20 (HKLM-x32\...\{4D548AFA-B83A-4C39-A474-AAE833B320AD}) (Version: 20.1.0.10108 - Corel Corporation)
PlanetSide 2 (HKLM\...\Steam App 218230) (Version: - Daybreak Game Company)
Quantum Break (HKLM-x32\...\Quantum Break_is1) (Version: - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21290 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7904 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.2 - Synthesia LLC)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witness ver. 1.0.(update 16) (HKLM-x32\...\{044295BC-FCD5-401C-933B-237FB46A7FE0}_is1) (Version: 1.0.(update 16) - *Let'sРlay*)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.1.7.0 - Manuel Hoefs (Zottel))
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-891f4afa-4f2c-4a69-8e8a-a473d827af00) (Version: - Epic Games, Inc.)
UxStyle (HKLM-x32\...\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}) (Version: 0.2.4.2 - The Within Network, LLC)
UxStyle (Version: 0.2.4.2 - The Within Network, LLC) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version: - Kristjan Skutta)
Warframe (HKLM-x32\...\{B7D2D69F-71F8-4E4C-BAB6-AB7DAB4D5BA2}) (Version: 1.0.0 - Digital Extremes)
Web Proxy Checker (HKLM-x32\...\Web Proxy Checker_is1) (Version: - )
Windows Store Gift Card Promo (HKLM-x32\...\{9ED9AFAD-5EB3-456C-B76C-5C32D9AD6DD0}) (Version: 1.0.0.1 - Microsoft Corporation)
Yaiba Ninja Gaiden Z (HKLM-x32\...\Yaiba Ninja Gaiden Z_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9B6A84E15DCE}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10D5280A-5F11-455E-A860-2888E999F9FC} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {1EA58F22-2F07-4183-8928-F1F44F985343} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {46EA63E5-328A-462F-AC69-F4111311B966} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {5BBCF554-AC39-426F-B09E-8A61ED9F4335} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {64E16CAC-BD71-4785-9458-7D211A0BE835} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {67443416-EDAD-4F4B-8F1F-A3D715C59EEB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {74255643-B9B7-4845-9CB4-1C197543F425} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {7B6F5F7A-A695-4366-AA59-3991F4C1BDBA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {B5B95720-DE37-44DC-B4BF-60BBB762750E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-15] (Google Inc.)
Task: {BB1EF72B-692D-4CE9-A3E3-81068C6460D1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {D94EAA53-9461-4E6B-A0D2-3A77DCF385B6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {EF830D6F-A809-4C74-BCB3-733071E66F46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-15] (Google Inc.)
Task: {F6058C9C-91AC-429A-B22C-321EAB28D990} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\andyh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\andyh\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-16 22:16 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-11 06:13 - 2016-09-25 11:36 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 18:20 - 2016-09-24 18:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-12-16 22:16 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-16 22:15 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:13 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:12 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-23 14:50 - 2017-01-23 14:51 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 14:50 - 2017-01-23 14:51 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 14:50 - 2017-01-23 14:51 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-15 21:52 - 2016-12-15 21:53 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-01 18:37 - 2017-02-02 13:09 - 00894464 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
2017-01-01 08:59 - 2017-01-01 08:59 - 00173568 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2017-02-01 18:27 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-01 18:27 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-01 18:27 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-19 19:15 - 2017-01-19 19:15 - 01448936 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
2017-01-10 18:12 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:12 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:12 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 18:12 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:12 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-02 15:34 - 2017-02-01 04:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 15:34 - 2017-02-01 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-12-11 06:14 - 2017-01-20 13:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-16 22:51 - 2017-01-20 13:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-06 00:15 - 2016-04-06 00:15 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-01-11 16:20 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\andyh\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 16:29 - 2017-01-11 16:29 - 01082880 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 16:29 - 2017-01-11 16:29 - 03750400 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 16:29 - 2017-01-11 16:29 - 00914432 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 16:29 - 2017-01-11 16:29 - 01127424 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-11 16:20 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\andyh\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 16:20 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\andyh\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-03 20:42 - 2017-02-03 20:42 - 00148992 _____ () \\?\C:\Users\andyh\AppData\Local\Temp\2CB3.tmp.node
2017-01-11 16:29 - 2017-01-11 16:29 - 02658304 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 16:29 - 2017-01-11 16:29 - 02130432 _____ () \\?\C:\Users\andyh\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-12-15 21:51 - 2016-12-23 13:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-15 21:51 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-15 21:51 - 2017-01-18 20:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-15 21:51 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-15 21:51 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-15 21:51 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-15 21:51 - 2017-01-18 20:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-15 21:51 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-15 21:52 - 2017-01-04 22:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-15 21:51 - 2017-01-18 20:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-16 22:51 - 2017-01-20 08:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-16 22:51 - 2017-01-20 08:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-16 22:51 - 2017-01-20 08:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-15 21:51 - 2015-09-24 18:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libcef.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\ortp.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libEGL.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libGLESv2.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libglesv2.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\libegl.dll
2017-01-19 19:16 - 2017-01-19 19:16 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8293\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\andyh:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2016-12-18 18:29 - 00001030 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2044647893-1413394519-1903141041-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
 
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{B5E41121-3C8D-4DBA-A3C7-D736863480DD}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0368E985-3E65-4834-BA39-11B059974A5C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F9CF9CCB-BC5B-4FED-BC5B-B389270EC57C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B7073950-3FD6-4405-BC32-8E136EDC5398}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{68220AB6-D79B-49CE-B36D-71F45D727B79}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{36BFFF5F-4142-4AF6-ACD2-700B215B4634}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{FFD5386F-5DDB-4380-A066-5639D27C89B4}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{1ABFB9F7-0062-4296-83BA-86809A7B8F04}] => C:\Users\andyh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{44B7087C-9FC4-466B-907A-CAD1B125C113}] => C:\Users\andyh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{37B00A05-FBC6-49AC-8094-1E14DCC0A812}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{070EDB17-79ED-4BBA-AABC-20719C6BEABA}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{20254514-7205-44A9-B33F-74D620EF5758}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{706B95B3-9C1F-48FF-AFBD-C982F8A27250}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{F9FB7B0F-7750-4D0C-927D-F2A34F44749E}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{177D422B-CC24-4640-8D12-17445DC79465}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9EA4730B-7476-485B-86D6-4DB00DAA1883}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{780A90EE-20FF-4062-A14F-3C948423C891}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{62B5B019-8C43-441D-B1E5-032FAA0A48CF}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{E11A9128-0DBB-418C-B4FE-6FB89BD9338A}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{5927F4C8-005B-4E00-95A7-5C7B99EBEA2A}] => C:\Users\andyh\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{5DF66CC2-D2D4-4FA1-8B14-8A1C219A6A49}] => C:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{B4A48E13-1D5A-4610-BDA0-4FB45F54AD7D}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{DCF343C7-DF39-465F-8E6A-FA8F21B365B7}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{41094D18-E185-4939-89BD-06ACC472B402}] => C:\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{740FB369-6481-4BA8-96E9-C695630842FD}] => C:\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BC743DD8-540D-410C-821A-785F7E371BC0}] => C:\Users\andyh\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{24EEA070-3BB8-479A-B8C1-2332C311C0FA}] => C:\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{72372AC3-7A19-48F4-9783-14EE9ECC6EEF}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E6F05660-2A9A-4D40-AC0E-6AD24281DDE5}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{B96098E3-4E24-439A-A14E-DA6C8BE0922B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B11CF3E5-A841-411F-88E8-F24FD66437B0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{64D404D7-710B-4397-8F85-168FBB08ADDA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF73A097-5FDB-4949-9760-E583BA065A79}] => C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{DDBC33B2-2EA8-45C8-A855-4B2EEF884D59}] => C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [TCP Query User{699AE589-1D46-4C12-95AF-A1088116B7BD}C:\games\saints row iv nosteam\saintsrowiv.exe] => C:\games\saints row iv nosteam\saintsrowiv.exe
FirewallRules: [UDP Query User{B1C329AF-BC32-4503-8226-8784B07AC978}C:\games\saints row iv nosteam\saintsrowiv.exe] => C:\games\saints row iv nosteam\saintsrowiv.exe
FirewallRules: [TCP Query User{D0FEA4BB-1AD1-4C22-9A89-84824599ED81}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{E1AD6D84-9DD3-49CA-9239-D57D55CA4E31}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe] => C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{9F651195-11F7-4BC4-BF4B-F126053B482C}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7EA35370-7073-4391-9997-271E061DC64E}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F33BF1CF-1A30-45FE-A309-29BFD10068FC}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{A18B69A3-328B-4F64-A01D-83B30FF92E75}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{3463BC8C-9814-42A6-B94A-F7CEC6B07EEE}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{A9E4E40C-7FC9-4691-B7F0-1BDFE35236B1}] => C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{96C6AC5B-53F2-42DB-BB22-15422C00F539}] => C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{0512BE48-B49A-422A-9462-804F2D6EB3F5}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{08782536-9C86-4EEC-9DEF-C5965599AB8A}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{DD83E231-0BEB-4FCC-9110-623DDB0151AA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9F90F572-CF5F-4E6F-A3B2-C08B1E8B65AE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{747EDD6E-3347-4FEF-8A9D-AB7976B31AF4}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{89A231F2-AAED-4901-B96F-A4D9EB5FE2A4}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{93EBB115-B4D3-49E4-B57E-AD03B3D81266}C:\games\quantum break\dx11\quantumbreak.exe] => C:\games\quantum break\dx11\quantumbreak.exe
FirewallRules: [UDP Query User{B6623502-8C16-49E0-A2BB-BE107042869E}C:\games\quantum break\dx11\quantumbreak.exe] => C:\games\quantum break\dx11\quantumbreak.exe
FirewallRules: [{F4265AE5-4F8B-4139-83FD-F8DD78B2D444}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [{5432CB50-5E92-445C-BB55-F2520C7852B8}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [{91CBE98D-63A7-4925-9405-A5F6E84C7B0B}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [{3399E501-F73B-45D5-B425-43E1FFFBDA92}] => C:\Program Files (x86)\Disgaea PC\dis1_st.exe
FirewallRules: [TCP Query User{314F3247-8EFE-4952-B612-17B431F220E4}C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{7541D21C-BC97-4D3C-880C-2B0AD0879EB4}C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{E7F5A73B-C0DF-43E1-8847-D60E7F24133F}C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe] => C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe
FirewallRules: [UDP Query User{ADC94DB4-1586-4CA7-93DB-B7BFA0CF7A03}C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe] => C:\program files (x86)\505 games\payday 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{683FDB92-3D9D-452E-ACD2-3587626CFB94}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{7C5C9E8A-694B-477C-BBD3-DC33319E2712}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{C353F3AD-8516-4A11-9D2B-A598D2EF02FB}] => C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{D0FF0F13-5A49-4DC8-A31E-A0102AEF96C8}] => C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{AEF943CA-1D25-4430-AD93-FDCFA3F64A06}] => C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{9FAA4F12-2A18-4573-81ED-D5A9D6AEAF4B}] => C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{221B8090-78D3-4CCB-A176-37592C480FE9}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{59F7B6F0-D945-42EA-9B03-87FADF9BDBAF}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\RM.exe
FirewallRules: [{A2FCDBAB-7AEC-4803-8BB4-B04A4A8205E3}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{581C8C85-D927-4D70-AB5E-DE41EBAA3928}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\NGStudio.exe
FirewallRules: [{6209EC1F-0641-452D-B232-6BF3991419BE}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{2A34334E-54B9-4D35-9D9E-C5C4DACA6DB7}] => C:\Program Files (x86)\Pinnacle\Studio 20\programs\UMI.exe
FirewallRules: [{3FD565B2-292A-4A82-AB0B-6A8CB63D66FF}] => C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{857BDF5D-4F48-4F4A-946E-6E6529BA0A0D}] => C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{31454C12-13C8-4C9C-89FF-50F77A5A0F48}] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{C09433A1-33A4-42B6-9851-4755090104A3}] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{99375298-5E08-4487-B2CA-C1DCDEA0C05F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F0DEED43-BAAE-43BA-94A5-7C02A53A6A31}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DEA1E158-5F70-4879-ACED-B8C79E735769}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DE0C8ECA-30F9-4F92-A00D-17314C1D4B0F}C:\gog games\event[0]\event0.exe] => C:\gog games\event[0]\event0.exe
FirewallRules: [UDP Query User{14F90A42-96A0-44B4-8DE5-423D174DF35C}C:\gog games\event[0]\event0.exe] => C:\gog games\event[0]\event0.exe

==================== Restore Points =========================

22-01-2017 20:48:19 Scheduled Checkpoint
31-01-2017 20:56:26 Scheduled Checkpoint
03-02-2017 00:19:01 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2017 03:23:51 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: WASSUPMUHHOMEEG)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy3

Error: (02/04/2017 03:23:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WASSUPMUHHOMEEG)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/04/2017 03:08:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 0.0.0.0, time stamp: 0x5819bf0d
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x582588e6
Exception code: 0x00000004
Fault offset: 0x0000000000017788
Faulting process id: 0x10b4
Faulting application start time: 0x01d27f22651dfac7
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: f4ec691f-a784-4b7a-a4fa-f907db1a5a68
Faulting package full name: Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy
Faulting package-relative application ID: WindowsDefaultLockScreen

Error: (02/04/2017 03:08:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: WASSUPMUHHOMEEG)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy3

Error: (02/04/2017 02:53:39 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: WASSUPMUHHOMEEG)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy3

Error: (02/04/2017 11:27:55 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: WASSUPMUHHOMEEG)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy3

Error: (02/04/2017 10:47:19 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\BGRnd.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/04/2017 10:47:19 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\UMI.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/04/2017 10:47:19 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\ResDebugU.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/04/2017 10:47:19 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Pinnacle\Studio 20\programs\RM.exe".Error in manifest or policy file "C:\Program Files (x86)\Pinnacle\Studio 20\programs\Avid.vfcore\Avid.vfcore.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/04/2017 03:08:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/04/2017 10:49:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/04/2017 12:56:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/03/2017 08:42:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/03/2017 08:42:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/03/2017 08:42:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/03/2017 08:40:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/03/2017 08:26:55 PM) (Source: DCOM) (EventID: 10010) (User: WASSUPMUHHOMEEG)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (02/03/2017 08:26:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/03/2017 08:26:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-12-18 17:52:28.064
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvqu.inf_amd64_c757f34d59e1f5d4\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-17 09:45:53.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvqu.inf_amd64_c757f34d59e1f5d4\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 16101.26 MB
Available physical RAM: 10483.45 MB
Total Virtual: 18533.26 MB
Available Virtual: 12262.39 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.53 GB) (Free:148.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 5608EA13)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by andyh (05-02-2017 15:43:23) Run:1
Running from C:\Users\andyh\Downloads
Loaded Profiles: andyh (Available Profiles: defaultuser0 & andyh)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andyh\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S1 nbeknfgh; \??\C:\Windows\system32\drivers\nbeknfgh.sys [X]
S1 puamcozs; \??\C:\Windows\system32\drivers\puamcozs.sys [X]
S1 rtrilbvb; \??\C:\Windows\system32\drivers\rtrilbvb.sys [X]
S1 vbljrmwu; \??\C:\Windows\system32\drivers\vbljrmwu.sys [X]
2017-01-23 00:54 - 2017-01-23 00:54 - 0000199 _____ () C:\Users\andyh\AppData\Roaming\WASSUPMUHHOMEEG.MTBF.txt
2017-02-02 00:51 - 2017-02-02 00:51 - 0000003 _____ () C:\Users\andyh\AppData\Local\updater.log
2016-12-11 06:12 - 2016-12-11 06:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-16 22:51 - 2017-01-28 19:01 - 0007609 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-16 22:51 - 2017-01-27 21:11 - 0016683 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-03 00:10 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\andyh\AppData\Local\Temp\dllnt_dump.dll
2017-01-22 10:32 - 2017-01-22 10:32 - 0061440 _____ (The Gentee Group) C:\Users\andyh\AppData\Local\Temp\genteert.dll
2016-12-26 20:02 - 2016-12-26 20:02 - 0019968 _____ (Red Hat®, Inc.) C:\Users\andyh\AppData\Local\Temp\jansi-64-3953369057618738776.dll
2017-01-25 10:53 - 2017-01-25 10:53 - 0739904 _____ (Oracle Corporation) C:\Users\andyh\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-12-16 22:51 - 2016-12-12 18:30 - 0253376 _____ (NVIDIA Corporation) C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-12-16 22:51 - 2016-12-12 18:30 - 0334272 _____ (NVIDIA Corporation) C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI64.dll
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9B6A84E15DCE}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\andyh\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
AlternateDataStreams: C:\Users\andyh:Heroes & Generals [38]

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
C:\Windows\SysWOW64\GroupPolicy\User => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\Futuremark SystemInfo Service => key removed successfully
Futuremark SystemInfo Service => service removed successfully
ibtsiva => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\NVIDIA Wireless Controller Service => key removed successfully
NVIDIA Wireless Controller Service => service removed successfully
HKLM\System\CurrentControlSet\Services\nbeknfgh => key removed successfully
nbeknfgh => service removed successfully
HKLM\System\CurrentControlSet\Services\puamcozs => key removed successfully
puamcozs => service removed successfully
HKLM\System\CurrentControlSet\Services\rtrilbvb => key removed successfully
rtrilbvb => service removed successfully
HKLM\System\CurrentControlSet\Services\vbljrmwu => key removed successfully
vbljrmwu => service removed successfully
C:\Users\andyh\AppData\Roaming\WASSUPMUHHOMEEG.MTBF.txt => moved successfully
C:\Users\andyh\AppData\Local\updater.log => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\NvTelemetryContainer.log => moved successfully
C:\ProgramData\NvTelemetryContainer.log_backup1 => moved successfully
C:\Users\andyh\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\andyh\AppData\Local\Temp\genteert.dll => moved successfully
C:\Users\andyh\AppData\Local\Temp\jansi-64-3953369057618738776.dll => moved successfully
C:\Users\andyh\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI32.dll => moved successfully
C:\Users\andyh\AppData\Local\Temp\NvTelemetryAPI64.dll => moved successfully
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9B6A84E15DCE} => key removed successfully
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKU\S-1-5-21-2044647893-1413394519-1903141041-1003_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => key removed successfully
C:\Users\andyh => ":Heroes & Generals" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 15:43:30 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Security Checkup


Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner

Farbar Service Scanner Version: 27-01-2016
Ran by andyh (administrator) on 08-02-2017 at 20:36:24
Running from "C:\Users\andyh\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2017-02-09 01:39:36.875 Sophos Virus Removal Tool version 2.5.6
2017-02-09 01:39:36.875 Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-02-09 01:39:36.875 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-02-09 01:39:36.875 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2017-02-09 01:39:36.875 Checking for updates...
2017-02-09 01:39:36.886 Update progress: proxy server not available
2017-02-09 01:39:44.199 Downloading updates...
2017-02-09 01:39:44.206 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-02-09 01:39:44.207 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-09 01:39:44.207 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-09 01:39:44.207 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-02-09 01:39:44.207 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-02-09 01:39:44.207 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product IDE536 LATEST path=]
2017-02-09 01:39:44.207 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-02-09 01:39:44.207 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-02-09 01:39:44.207 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-09 01:39:44.281 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-02-09 01:39:44.281 Update progress: [I19463] Product download size 156130248 bytes
2017-02-09 01:39:47.130 Option all = no
2017-02-09 01:39:47.130 Option recurse = yes
2017-02-09 01:39:47.130 Option archive = no
2017-02-09 01:39:47.130 Option service = yes
2017-02-09 01:39:47.130 Option confirm = yes
2017-02-09 01:39:47.130 Option sxl = yes
2017-02-09 01:39:47.132 Option max-data-age = 35
2017-02-09 01:39:47.132 Option vdl-logging = yes
2017-02-09 01:39:47.136 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-02-09 01:39:47.136 Machine ID: 794cbc7b1fcc411baab41a05850352c9
2017-02-09 01:39:47.137 Component SVRTcli.exe version 2.5.6
2017-02-09 01:39:47.137 Component control.dll version 2.5.6
2017-02-09 01:39:47.137 Component SVRTservice.exe version 2.5.6
2017-02-09 01:39:47.137 Component engine\osdp.dll version 1.44.1.2270
2017-02-09 01:39:47.137 Component engine\veex.dll version 3.67.0.2270
2017-02-09 01:39:47.137 Component engine\savi.dll version 9.0.5.2270
2017-02-09 01:39:47.138 Component rkdisk.dll version 1.5.31.1
2017-02-09 01:39:47.138 Version info: Product version 2.5.6
2017-02-09 01:39:47.139 Version info: Detection engine 3.67.0
2017-02-09 01:39:47.139 Version info: Detection data 5.32
2017-02-09 01:39:47.139 Version info: Build date 10/4/2016
2017-02-09 01:39:47.139 Version info: Data files added 766
2017-02-09 01:39:47.139 Version info: Last successful update (not yet updated)
2017-02-09 01:39:51.265 Update progress: [I19463] Syncing product IDE536 LATEST path=
2017-02-09 01:39:51.265 Update progress: [I19463] Product download size 3527452 bytes
2017-02-09 01:39:51.473 Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-02-09 01:39:51.473 Update progress: [I19463] Product download size 2537599 bytes
2017-02-09 01:39:51.634 Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-02-09 01:39:51.634 Update progress: [I19463] Product download size 76632 bytes
2017-02-09 01:39:51.729 Installing updates...
2017-02-09 01:39:52.349 Error level 1
2017-02-09 01:39:54.212 Update successful
2017-02-09 01:40:04.986 Option all = no
2017-02-09 01:40:04.986 Option recurse = yes
2017-02-09 01:40:04.986 Option archive = no
2017-02-09 01:40:04.986 Option service = yes
2017-02-09 01:40:04.986 Option confirm = yes
2017-02-09 01:40:04.986 Option sxl = yes
2017-02-09 01:40:04.988 Option max-data-age = 35
2017-02-09 01:40:04.988 Option vdl-logging = yes
2017-02-09 01:40:04.991 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-02-09 01:40:04.991 Machine ID: 794cbc7b1fcc411baab41a05850352c9
2017-02-09 01:40:04.992 Component SVRTcli.exe version 2.5.6
2017-02-09 01:40:04.992 Component control.dll version 2.5.6
2017-02-09 01:40:04.992 Component SVRTservice.exe version 2.5.6
2017-02-09 01:40:04.992 Component engine\osdp.dll version 1.44.1.2280
2017-02-09 01:40:04.992 Component engine\veex.dll version 3.68.0.2280
2017-02-09 01:40:04.992 Component engine\savi.dll version 9.0.7.2280
2017-02-09 01:40:04.992 Component rkdisk.dll version 1.5.31.1
2017-02-09 01:40:04.992 Version info: Product version 2.5.6
2017-02-09 01:40:04.992 Version info: Detection engine 3.68.0
2017-02-09 01:40:04.992 Version info: Detection data 5.35
2017-02-09 01:40:04.992 Version info: Build date 1/10/2017
2017-02-09 01:40:04.992 Version info: Data files added 348
2017-02-09 01:40:04.992 Version info: Last successful update 2/8/2017 8:39:54 PM

2017-02-09 01:43:03.164 >>> Virus 'Mal/Generic-S' found in file C:\Games\Quantum Break\NoDVD\SKIDROW\dx11\steam_api64.dll
2017-02-09 01:43:03.164 >>> Virus 'Mal/Generic-S' found in file C:\Games\Quantum Break\NoDVD\SKIDROW\dx11\steam_api64.dll
2017-02-09 01:43:13.997 Could not open C:\hiberfil.sys
2017-02-09 01:43:14.026 Could not open C:\pagefile.sys
2017-02-09 01:50:13.172 The following items will be cleaned up:
2017-02-09 01:50:13.173 Mal/Generic-S
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 