I think I got some Smart Service trojan on my PC. It won't let me open or install any malware removers and it won't let me reset my PC. I did the FRST thing already. Here is the .txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Zak (administrator) on DESKTOP-SOECPED (10-05-2017 09:22:27)
Running from C:\Users\Zak\Downloads
Loaded Profiles: Zak (Available Profiles: Zak & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Windows\Temp\gB2B2.tmp.exe
() C:\Windows\Temp\gA7EB.tmp.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Spotify Ltd) C:\Users\Zak\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\dataup\dataup.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8459480 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [gplyra] => C:\Users\Zak\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [svcvmx] => C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Run: [Spotify] => C:\Users\Zak\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-04-22] (Spotify Ltd)
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Run: [uTorrent] => C:\Users\Zak\AppData\Roaming\uTorrent\uTorrent.exe [2144448 2017-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Run: [amling] => rundll32.exe "C:\Users\Zak\AppData\Local\amling.dll",amling <===== ATTENTION
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Run: [Spotify Web Helper] => C:\Users\Zak\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-22] (Spotify Ltd)
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Run: [Gaijin.Net Agent] => C:\Users\Zak\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2012616 2017-05-08] (Gaijin Entertainment)
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\MountPoints2: {9ffca4ee-9e49-11e6-b3bf-408d5c756789} - "E:\LaunchU3.exe" -a
Startup: C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WeatherBuddy.lnk [2017-04-25] <===== ATTENTION
ShortcutTarget: WeatherBuddy.lnk -> C:\Users\Zak\AppData\Local\WeatherBuddy\WeatherBuddy.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1184263899-1235007467-3654102174-1002] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 74.40.74.40
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{5a770bc8-206b-4e9f-b624-44f483c7bc58}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{5a770bc8-206b-4e9f-b624-44f483c7bc58}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{6ff27a0f-8458-46f8-a407-ce1e041d98e0}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{6ff27a0f-8458-46f8-a407-ce1e041d98e0}: [DhcpNameServer] 192.168.1.1 74.40.74.40
Internet Explorer:
==================
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-1184263899-1235007467-3654102174-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-08] ()
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Zak\AppData\Local\Google\Chrome\User Data\Default [2017-05-10]
CHR Extension: (Docs) - C:\Users\Zak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-25]
CHR Extension: (Google Drive) - C:\Users\Zak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-25]
CHR Extension: (YouTube) - C:\Users\Zak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-25]
CHR Extension: (Gmail) - C:\Users\Zak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] ()
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S2 Dataup; C:\Users\Zak\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-04-25] (hxxp://libusb-win32.sourceforge.net)
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [907160 2017-04-25] () <==== ATTENTION
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-10 09:22 - 2017-05-10 09:22 - 00011919 _____ C:\Users\Zak\Downloads\FRST.txt
2017-05-10 09:21 - 2017-05-10 09:22 - 00000000 ____D C:\FRST
2017-05-10 09:21 - 2017-05-10 09:21 - 02429440 _____ (Farbar) C:\Users\Zak\Downloads\FRST64.exe
2017-05-10 00:21 - 2017-05-10 00:21 - 00000017 _____ C:\Users\Zak\AppData\Local\resmon.resmoncfg
2017-05-10 00:06 - 2017-05-10 00:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\DBG
2017-05-10 00:03 - 2017-05-10 00:03 - 05103792 _____ (Enigma Software Group USA, LLC.) C:\Users\Zak\Downloads\SpyHunter-Installer (1).exe
2017-05-09 23:47 - 2017-05-09 23:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.com
2017-05-09 23:41 - 2017-05-09 23:41 - 00002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-09 23:41 - 2017-05-09 23:41 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-05-09 23:37 - 2017-05-09 23:38 - 60107896 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-09 23:36 - 2017-05-09 23:36 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2017-05-09 23:35 - 2017-05-09 23:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\llssoft
2017-05-09 23:35 - 2017-05-09 23:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2017-05-09 23:34 - 2017-05-10 09:07 - 00000000 ____D C:\Users\Administrator
2017-05-09 23:34 - 2017-05-09 23:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-05-09 23:34 - 2017-05-09 23:36 - 00002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-05-09 23:34 - 2017-05-09 23:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\AMD
2017-05-09 23:34 - 2017-05-09 23:34 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-05-09 23:34 - 2017-05-09 23:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-05-09 23:28 - 2017-05-09 23:28 - 60107896 _____ (Malwarebytes ) C:\Users\Zak\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-09 23:04 - 2017-05-09 23:04 - 00000000 ____D C:\ESD
2017-05-09 22:56 - 2017-05-09 22:56 - 18357776 _____ (Microsoft Corporation) C:\Users\Zak\Downloads\MediaCreationTool.exe
2017-05-09 22:56 - 2017-05-09 22:56 - 06385872 _____ (Microsoft Corporation) C:\Users\Zak\Downloads\Windows10Upgrade9252.exe
2017-05-09 22:56 - 2017-05-09 22:56 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-05-09 22:56 - 2017-05-09 22:56 - 00000719 _____ C:\Users\Zak\Desktop\Windows 10 Upgrade Assistant.lnk
2017-05-09 22:56 - 2017-05-09 22:56 - 00000000 ___HD C:\$Windows.~WS
2017-05-09 22:56 - 2017-05-09 22:56 - 00000000 ____D C:\Windows10Upgrade
2017-05-09 21:30 - 2017-05-09 21:30 - 00000000 ___HD C:\$SysReset
2017-05-09 13:31 - 2017-04-27 21:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-09 13:31 - 2017-04-27 21:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-09 13:31 - 2017-04-27 21:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-09 13:31 - 2017-04-27 21:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-09 13:31 - 2017-04-27 21:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-09 13:31 - 2017-04-27 21:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-09 13:31 - 2017-04-27 21:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-09 13:31 - 2017-04-27 21:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-09 13:31 - 2017-04-27 21:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-09 13:31 - 2017-04-27 21:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-09 13:31 - 2017-04-27 21:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-09 13:31 - 2017-04-27 21:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-09 13:31 - 2017-04-27 21:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-09 13:31 - 2017-04-27 21:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-09 13:31 - 2017-04-27 21:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-09 13:31 - 2017-04-27 20:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-09 13:31 - 2017-04-27 20:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-09 13:31 - 2017-04-27 20:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-09 13:31 - 2017-04-27 20:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-09 13:31 - 2017-04-27 20:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-09 13:31 - 2017-04-27 20:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-09 13:31 - 2017-04-27 20:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-09 13:31 - 2017-04-27 20:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-09 13:31 - 2017-04-27 20:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-09 13:31 - 2017-04-27 20:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-09 13:31 - 2017-04-27 20:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-09 13:31 - 2017-04-27 20:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-09 13:31 - 2017-04-27 20:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-09 13:31 - 2017-04-27 20:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-09 13:31 - 2017-04-27 20:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-09 13:31 - 2017-04-27 20:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-09 13:31 - 2017-04-27 20:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-09 13:31 - 2017-04-27 20:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-09 13:31 - 2017-04-27 20:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-09 13:31 - 2017-04-27 20:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-09 13:31 - 2017-04-27 20:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-09 13:31 - 2017-04-27 20:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-09 13:31 - 2017-04-27 20:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-09 13:31 - 2017-04-27 20:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-09 13:31 - 2017-04-27 19:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-09 13:31 - 2017-04-27 19:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-09 13:31 - 2017-04-27 19:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-09 13:31 - 2017-04-27 19:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-09 13:31 - 2017-04-27 19:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-09 13:31 - 2017-04-27 19:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-09 13:31 - 2017-04-27 19:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-09 13:31 - 2017-04-19 03:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-09 13:31 - 2017-04-19 02:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-09 13:31 - 2017-04-19 02:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-09 13:31 - 2017-04-19 02:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-09 13:31 - 2017-04-19 02:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-09 13:31 - 2017-04-19 02:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-09 13:31 - 2017-04-19 02:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-09 13:31 - 2017-04-19 02:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-09 13:31 - 2017-04-19 02:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-09 13:31 - 2017-04-19 01:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-09 13:31 - 2017-04-19 01:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-09 13:31 - 2017-04-19 01:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-09 13:31 - 2017-04-19 01:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-09 13:31 - 2017-04-13 20:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-09 13:31 - 2017-04-13 20:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-09 13:31 - 2017-04-13 20:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-09 13:31 - 2017-04-13 20:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-09 13:31 - 2017-04-13 19:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-09 13:31 - 2017-04-13 19:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-09 13:31 - 2017-04-13 19:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-09 13:31 - 2017-04-13 19:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-09 13:31 - 2017-04-13 19:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-09 13:31 - 2017-04-13 19:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-09 13:31 - 2017-04-13 19:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-09 13:31 - 2017-04-13 19:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-09 13:31 - 2017-04-13 19:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-09 13:31 - 2017-04-13 19:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-09 13:31 - 2017-04-13 19:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-09 13:31 - 2017-04-13 19:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-09 13:31 - 2017-04-13 19:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-09 13:31 - 2017-04-13 19:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-09 13:31 - 2017-04-13 19:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-09 13:31 - 2017-04-13 19:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-09 13:31 - 2017-04-13 19:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-09 13:31 - 2017-04-13 19:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-09 13:31 - 2017-04-13 19:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-09 13:31 - 2017-04-13 19:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-09 13:31 - 2017-04-13 19:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-09 13:31 - 2017-04-13 19:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-09 13:31 - 2017-04-13 19:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-09 13:31 - 2017-04-13 19:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-09 13:31 - 2017-04-13 19:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-09 13:30 - 2017-04-27 21:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-09 13:30 - 2017-04-27 21:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-09 13:30 - 2017-04-27 21:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 13:30 - 2017-04-27 21:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-09 13:30 - 2017-04-27 21:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-09 13:30 - 2017-04-27 21:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-09 13:30 - 2017-04-27 20:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-09 13:30 - 2017-04-27 20:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-09 13:30 - 2017-04-27 20:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-09 13:30 - 2017-04-27 20:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-09 13:30 - 2017-04-27 20:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-09 13:30 - 2017-04-27 20:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-09 13:30 - 2017-04-27 20:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-09 13:30 - 2017-04-27 20:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-09 13:30 - 2017-04-27 20:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-09 13:30 - 2017-04-27 20:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-09 13:30 - 2017-04-27 20:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-09 13:30 - 2017-04-27 20:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-09 13:30 - 2017-04-27 20:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-09 13:30 - 2017-04-27 20:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-09 13:30 - 2017-04-27 20:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-09 13:30 - 2017-04-27 20:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-09 13:30 - 2017-04-27 20:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-09 13:30 - 2017-04-27 20:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 13:30 - 2017-04-27 20:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-09 13:30 - 2017-04-27 20:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-09 13:30 - 2017-04-27 20:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-09 13:30 - 2017-04-27 20:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-09 13:30 - 2017-04-27 20:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-09 13:30 - 2017-04-27 20:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-09 13:30 - 2017-04-27 20:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-09 13:30 - 2017-04-27 20:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-09 13:30 - 2017-04-27 20:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-09 13:30 - 2017-04-27 20:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-09 13:30 - 2017-04-27 20:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-09 13:30 - 2017-04-27 20:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-09 13:30 - 2017-04-27 20:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-09 13:30 - 2017-04-27 20:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-09 13:30 - 2017-04-27 20:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-09 13:30 - 2017-04-27 20:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-09 13:30 - 2017-04-27 20:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-09 13:30 - 2017-04-27 20:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-09 13:30 - 2017-04-27 20:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-09 13:30 - 2017-04-27 20:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-09 13:30 - 2017-04-27 20:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-09 13:30 - 2017-04-27 20:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-09 13:30 - 2017-04-27 20:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-09 13:30 - 2017-04-27 20:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-09 13:30 - 2017-04-27 20:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-09 13:30 - 2017-04-27 20:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-09 13:30 - 2017-04-27 20:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-09 13:30 - 2017-04-27 20:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-09 13:30 - 2017-04-27 20:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-09 13:30 - 2017-04-27 20:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-09 13:30 - 2017-04-27 20:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-09 13:30 - 2017-04-27 20:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-09 13:30 - 2017-04-27 20:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-09 13:30 - 2017-04-27 20:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-09 13:30 - 2017-04-27 19:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-09 13:30 - 2017-04-27 19:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-09 13:30 - 2017-04-27 19:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-09 13:30 - 2017-04-27 19:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-09 13:30 - 2017-04-27 19:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-09 13:30 - 2017-04-27 19:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-09 13:30 - 2017-04-27 19:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-09 13:30 - 2017-04-27 19:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-09 13:30 - 2017-04-27 19:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-09 13:30 - 2017-04-19 03:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-09 13:30 - 2017-04-19 03:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-09 13:30 - 2017-04-19 03:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-09 13:30 - 2017-04-19 02:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-09 13:30 - 2017-04-19 02:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-09 13:30 - 2017-04-19 02:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-09 13:30 - 2017-04-19 02:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-09 13:30 - 2017-04-19 02:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-09 13:30 - 2017-04-19 02:13 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-09 13:30 - 2017-04-19 02:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-09 13:30 - 2017-04-19 02:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-09 13:30 - 2017-04-19 02:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-09 13:30 - 2017-04-19 02:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-09 13:30 - 2017-04-19 02:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-09 13:30 - 2017-04-19 02:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-09 13:30 - 2017-04-19 02:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-09 13:30 - 2017-04-19 02:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-09 13:30 - 2017-04-19 02:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-09 13:30 - 2017-04-19 02:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-09 13:30 - 2017-04-19 02:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-09 13:30 - 2017-04-19 01:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-09 13:30 - 2017-04-19 01:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-09 13:30 - 2017-04-19 01:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-09 13:30 - 2017-04-19 01:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-09 13:30 - 2017-04-19 01:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-09 13:30 - 2017-04-19 01:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-09 13:30 - 2017-04-19 01:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-09 13:30 - 2017-04-19 01:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-09 13:30 - 2017-04-13 20:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-09 13:30 - 2017-04-13 20:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-09 13:30 - 2017-04-13 19:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-09 13:30 - 2017-04-13 19:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-09 13:30 - 2017-04-13 19:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-09 13:30 - 2017-04-13 19:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-09 13:30 - 2017-04-13 19:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-09 13:30 - 2017-04-13 19:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-09 13:30 - 2017-04-13 19:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-09 13:30 - 2017-04-13 19:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-09 13:30 - 2017-04-13 19:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-09 13:30 - 2017-04-13 19:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-09 13:30 - 2017-04-13 19:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-09 13:30 - 2017-04-13 19:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-09 13:30 - 2017-04-13 19:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-09 13:30 - 2017-04-13 19:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-09 13:30 - 2017-04-13 19:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-09 13:30 - 2017-04-13 19:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-09 13:30 - 2017-04-13 19:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-09 13:30 - 2017-04-13 19:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-09 13:30 - 2017-04-13 19:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-09 13:30 - 2017-04-13 19:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-09 13:30 - 2017-04-13 19:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-09 13:30 - 2017-04-13 19:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-09 13:30 - 2017-04-13 19:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-09 13:07 - 2017-05-09 13:07 - 00262144 ____N C:\WINDOWS\Minidump\050917-26343-01.dmp
2017-05-09 13:07 - 2017-05-09 13:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-08 23:00 - 2017-05-08 23:00 - 00000000 ____D C:\Users\Zak\AppData\Local\Gaijin
2017-05-08 23:00 - 2017-05-08 23:00 - 00000000 ____D C:\ProgramData\Gaijin
2017-05-08 20:57 - 2017-05-08 20:57 - 00006610 _____ C:\WINDOWS\TEMPcoral.vbs
2017-05-08 19:12 - 2017-05-08 19:12 - 00000222 _____ C:\Users\Zak\Desktop\War Thunder.url
2017-05-08 19:11 - 2017-05-08 23:09 - 00000000 ____D C:\Users\Zak\Downloads\Battlefield 1 PC game ^^nosTEAM^^RO
2017-05-08 19:05 - 2017-05-08 19:10 - 53704747 _____ C:\Users\Zak\Downloads\BF1.exe
2017-05-06 21:25 - 2017-05-06 21:25 - 00000000 ____D C:\ProgramData\7d2bd496-23c7-0
2017-05-06 21:23 - 2017-05-06 21:23 - 19048400 _____ (Oculus VR, LLC) C:\Users\Zak\Downloads\OculusCompatCheck.exe
2017-05-06 21:20 - 2017-05-06 21:20 - 00004178 _____ C:\WINDOWS\System32\Tasks\{C1D1D63F-767A-6194-4078-1CFA931918EC}
2017-05-06 21:20 - 2017-05-06 21:20 - 00003878 _____ C:\WINDOWS\System32\Tasks\{3953FD97-CEFF-D448-97D4-2B7D0CE71E12}
2017-05-06 21:20 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\a27b6297
2017-05-06 21:20 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\7d2bd496-3ac1-0
2017-05-06 21:20 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\{799625DC-CE3D-9277-7979-112E60601D3C}
2017-05-06 21:20 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\{285b26d9-412c-0}
2017-05-06 21:20 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\{1edb0ebd-112c-0}
2017-05-06 21:20 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\{05166f7b-212c-1}
2017-04-27 18:52 - 2017-04-27 18:52 - 00000000 ____D C:\Users\Zak\Downloads\PopcornTime
2017-04-26 18:42 - 2017-04-26 18:42 - 00000000 ____D C:\Users\Zak\AppData\Local\UnrealEngine
2017-04-26 18:42 - 2017-04-26 18:42 - 00000000 ____D C:\Users\Zak\AppData\Local\Kona
2017-04-26 18:32 - 2017-04-26 18:32 - 00000000 ____D C:\Users\Zak\AppData\LocalLow\Valve
2017-04-26 10:37 - 2017-04-26 10:37 - 00000986 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2017-04-26 10:37 - 2017-04-26 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-04-26 10:25 - 2017-04-26 10:54 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-04-26 10:25 - 2017-04-26 10:25 - 00000000 ____D C:\Users\Zak\Documents\Heroes of the Storm
2017-04-26 10:25 - 2017-04-26 10:25 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-04-26 10:19 - 2017-04-26 12:42 - 00000000 ____D C:\Users\Zak\AppData\Local\Battle.net
2017-04-26 10:19 - 2017-04-26 10:19 - 00000000 ____D C:\Users\Zak\AppData\Local\Blizzard Entertainment
2017-04-26 10:18 - 2017-04-26 10:25 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-04-26 10:18 - 2017-04-26 10:18 - 00000966 _____ C:\Users\Public\Desktop\Blizzard App.lnk
2017-04-26 10:18 - 2017-04-26 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-04-26 10:17 - 2017-04-26 10:25 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Battle.net
2017-04-26 10:17 - 2017-04-26 10:17 - 00000000 ____D C:\ProgramData\Battle.net
2017-04-26 10:16 - 2017-04-26 10:17 - 03358192 _____ (Blizzard Entertainment) C:\Users\Zak\Downloads\Heroes-of-the-Storm-Setup.exe
2017-04-26 00:31 - 2017-04-26 00:31 - 00000000 ____D C:\bin
2017-04-25 23:36 - 2017-04-25 23:36 - 00000129 _____ C:\WINDOWS\system32\SetBuildVars_x64.bat
2017-04-25 23:36 - 2017-04-25 23:36 - 00000000 ____D C:\WINDOWS\system32\vsprojects
2017-04-25 23:36 - 2017-04-25 23:36 - 00000000 ____D C:\WINDOWS\system32\build
2017-04-25 23:35 - 2017-04-25 23:35 - 00000129 _____ C:\WINDOWS\system32\SetBuildVars_Win32.bat
2017-04-25 22:31 - 2017-03-31 20:57 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-25 22:31 - 2017-03-31 20:57 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-25 22:31 - 2017-03-31 20:51 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-25 22:31 - 2017-03-31 20:29 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-25 22:31 - 2017-03-31 20:28 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-25 22:31 - 2017-03-31 20:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-25 22:31 - 2017-03-31 20:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-25 22:31 - 2017-03-31 20:04 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-25 22:31 - 2017-03-31 20:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-25 22:31 - 2017-03-31 20:02 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-25 22:31 - 2017-03-31 20:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-25 22:31 - 2017-03-31 19:58 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-25 22:31 - 2017-03-31 19:56 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-25 22:31 - 2017-03-31 19:55 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-25 22:31 - 2017-03-31 19:52 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-25 22:31 - 2017-03-31 19:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-25 22:31 - 2017-03-31 17:00 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-25 22:30 - 2017-03-31 21:05 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-25 22:30 - 2017-03-31 21:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-25 22:30 - 2017-03-31 21:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-25 22:30 - 2017-03-31 21:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-25 22:30 - 2017-03-31 20:52 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-25 22:30 - 2017-03-31 20:05 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-25 22:30 - 2017-03-31 19:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-25 22:30 - 2017-03-31 19:55 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-25 22:30 - 2017-03-31 19:50 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-25 22:30 - 2017-03-31 19:50 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-25 22:30 - 2017-03-31 19:45 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-25 22:30 - 2017-03-31 19:44 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-25 22:23 - 2017-04-26 14:55 - 00000000 ____D C:\Users\Zak\AppData\Roaming\PSMoveService
2017-04-25 22:16 - 2017-04-25 22:16 - 00000000 ____D C:\Windows.old
2017-04-25 22:15 - 2017-04-25 22:15 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-25 22:15 - 2017-04-25 18:19 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-25 22:12 - 2017-04-25 22:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-25 22:12 - 2017-04-25 22:12 - 00000000 ____D C:\Program Files\MSBuild
2017-04-25 22:12 - 2017-04-25 22:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-25 22:12 - 2017-04-25 22:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-25 22:11 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-25 22:11 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:11 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-25 22:11 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-25 22:11 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:11 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-25 20:11 - 2017-04-25 20:11 - 00115064 _____ C:\Users\Zak\Downloads\usbdeview-x64 (1).zip
2017-04-25 19:49 - 2017-04-26 16:36 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-25 19:49 - 2017-04-26 16:36 - 00000000 ____D C:\Users\Zak\usb_driver
2017-04-25 19:49 - 2017-04-25 20:05 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusb0.dll
2017-04-25 19:49 - 2017-04-25 20:05 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2017-04-25 19:49 - 2017-04-25 20:05 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\Drivers\libusb0.sys
2017-04-25 19:49 - 2017-04-25 19:49 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-04-25 19:47 - 2017-04-25 19:47 - 00115064 _____ C:\Users\Zak\Downloads\usbdeview-x64.zip
2017-04-25 19:46 - 2017-04-25 19:46 - 05157496 _____ (akeo.ie) C:\Users\Zak\Downloads\zadig-2.3.exe
2017-04-25 18:54 - 2017-04-25 19:08 - 00000000 ____D C:\Users\Zak\AppData\Local\ElevatedDiagnostics
2017-04-25 18:49 - 2017-04-25 18:49 - 00000222 _____ C:\Users\Zak\Desktop\SteamVR.url
2017-04-25 18:48 - 2017-04-25 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-04-25 18:46 - 2017-04-25 18:46 - 00000000 ____D C:\Users\Zak\AppData\Local\DBG
2017-04-25 18:46 - 2017-04-25 18:46 - 00000000 ____D C:\Program Files\ATI Technologies
2017-04-25 18:45 - 2017-04-25 18:45 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-25 18:42 - 2017-04-25 18:42 - 00000020 ___SH C:\Users\Zak\ntuser.ini
2017-04-25 18:41 - 2017-04-25 18:41 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-25 18:41 - 2017-04-25 18:41 - 00000000 ____D C:\WINDOWS\system32\ÿÿo
2017-04-25 18:41 - 2017-04-25 18:41 - 00000000 ____D C:\WINDOWS\system32\14fe4e6e91372817..bin
2017-04-25 18:41 - 2017-04-25 18:41 - 00000000 ____D C:\WINDOWS\system32\
2017-04-25 18:40 - 2017-04-25 18:40 - 00000000 ____D C:\ProgramData\USOShared
2017-04-25 18:39 - 2017-04-25 18:40 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-04-25 18:39 - 2017-04-25 18:40 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-04-25 18:36 - 2017-05-10 09:04 - 01229480 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-25 18:35 - 2017-04-25 18:35 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-25 18:34 - 2017-05-10 01:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-25 18:34 - 2017-05-09 23:41 - 00003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-25 18:34 - 2017-05-09 23:06 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{35F8A3A1-8512-4402-9DF2-F3EE1F76F062}
2017-04-25 18:34 - 2017-05-06 21:22 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-25 18:34 - 2017-05-06 21:22 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-25 18:34 - 2017-04-25 18:35 - 00023820 _____ C:\WINDOWS\System32\Tasks\{7F7F0D47-797D-0E0E-7811-080B0C79110A}
2017-04-25 18:34 - 2017-04-25 18:35 - 00002858 _____ C:\WINDOWS\System32\Tasks\Fix It Task
2017-04-25 18:34 - 2017-04-25 18:35 - 00002618 _____ C:\WINDOWS\System32\Tasks\FixItPeriod
2017-04-25 18:34 - 2017-04-25 18:35 - 00002510 _____ C:\WINDOWS\System32\Tasks\Fix It Run Delay
2017-04-25 18:34 - 2017-04-25 18:35 - 00002458 _____ C:\WINDOWS\System32\Tasks\HDWallPaper
2017-04-25 18:34 - 2017-04-25 18:35 - 00002228 _____ C:\WINDOWS\System32\Tasks\{1EAC7268-31AC-405A-9D79-96BD98347B03}
2017-04-25 18:34 - 2017-04-25 18:34 - 00002452 _____ C:\WINDOWS\System32\Tasks\Fix It Monitor
2017-04-25 18:34 - 2017-04-25 18:34 - 00002446 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2017-04-25 18:34 - 2017-04-25 03:01 - 00024662 _____ C:\WINDOWS\System32\Tasks\{790E7D47-7E78-7E79-7911-040F05081108}
2017-04-25 18:34 - 2017-04-25 03:01 - 00003678 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-04-25 18:28 - 2017-04-25 18:28 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-25 18:25 - 2017-04-25 18:28 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-25 18:23 - 2017-05-09 13:48 - 00000000 ____D C:\Users\Zak
2017-04-25 18:23 - 2017-04-25 18:23 - 00000000 _SHDL C:\Users\Zak\My Documents
2017-04-25 18:23 - 2017-04-25 18:23 - 00000000 _SHDL C:\Users\Zak\Documents\My Videos
2017-04-25 18:23 - 2017-04-25 18:23 - 00000000 _SHDL C:\Users\Zak\Documents\My Pictures
2017-04-25 18:23 - 2017-04-25 18:23 - 00000000 _SHDL C:\Users\Zak\Documents\My Music
2017-04-25 18:22 - 2017-04-25 18:22 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-04-25 18:22 - 2017-04-25 18:22 - 00000000 ____D C:\Program Files (x86)\AMD
2017-04-25 18:22 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-25 18:21 - 2017-05-10 01:27 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-04-25 18:21 - 2017-04-25 18:44 - 00000000 ____D C:\Program Files\AMD
2017-04-25 18:21 - 2017-04-25 18:26 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-25 18:21 - 2017-04-25 18:21 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-25 18:21 - 2017-04-25 18:21 - 00000000 ____D C:\Program Files\Realtek
2017-04-25 18:21 - 2017-04-25 18:21 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-04-25 18:20 - 2017-04-25 18:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2017-04-25 18:19 - 2017-05-09 22:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-25 18:19 - 2017-05-09 21:03 - 00217024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-25 17:23 - 2017-05-10 09:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-25 17:23 - 2017-04-25 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-25 17:23 - 2017-04-25 17:23 - 01446792 _____ C:\Users\Zak\Downloads\SteamSetup.exe
2017-04-25 17:23 - 2017-04-25 17:23 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2017-04-25 17:16 - 2017-05-09 22:57 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-25 17:02 - 2017-04-25 17:02 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Google
2017-04-25 16:38 - 2017-05-06 21:30 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-25 14:57 - 2017-04-25 15:07 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Zak\Downloads\CL-Eye-Driver-5.3.0.0341-Emuline.exe
2017-04-25 10:08 - 2017-04-25 10:08 - 00000000 ____D C:\Users\Zak\AppData\Local\UNP
2017-04-25 10:04 - 2017-04-25 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fix It
2017-04-25 10:04 - 2017-04-25 10:07 - 00000272 _____ C:\WINDOWS\Tasks\FixItPeriod.job
2017-04-25 10:04 - 2017-04-25 10:04 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Fix It
2017-04-25 10:04 - 2017-04-25 10:04 - 00000000 ____D C:\ProgramData\20c00aac-7c41-0
2017-04-25 10:04 - 2017-04-25 10:04 - 00000000 ____D C:\ProgramData\20c00aac-01a3-1
2017-04-25 10:02 - 2017-04-25 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-25 10:02 - 2017-04-25 10:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-25 10:00 - 2017-04-25 18:28 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-25 10:00 - 2017-04-25 10:01 - 00000000 ____D C:\Program Files\UNP
2017-04-25 09:57 - 2017-04-25 10:04 - 00000000 ____D C:\Users\Zak\AppData\Local\ipscan(beta)
2017-04-25 04:21 - 2017-05-09 23:29 - 00000000 ____D C:\Users\Zak\AppData\Local\ntuserlitelist
2017-04-25 04:21 - 2017-04-25 09:54 - 00000000 ____D C:\Users\Zak\AppData\Local\llssoft
2017-04-25 03:22 - 2017-04-25 03:22 - 00000000 ____D C:\Users\Zak\AppData\Local\StardewValley
2017-04-25 03:13 - 2017-04-25 03:14 - 00000000 ____D C:\Program Files (x86)\ProxyGate
2017-04-25 03:12 - 2017-05-08 23:12 - 00000000 ____D C:\Users\Zak\AppData\Roaming\54779437
2017-04-25 03:07 - 2017-04-25 18:28 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-04-25 03:07 - 2017-04-25 03:07 - 00000000 ____D C:\Users\Zak\AppData\Roaming\AGData
2017-04-25 03:06 - 2017-05-08 23:12 - 00000000 ____D C:\Users\Zak\AppData\Roaming\17041224
2017-04-25 03:02 - 2017-04-25 18:28 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBuddy
2017-04-25 03:02 - 2017-04-25 03:14 - 00000062 _____ C:\WINDOWS\WeatherBuddy.INI
2017-04-25 03:01 - 2017-05-10 09:00 - 00624640 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-04-25 03:01 - 2017-05-08 23:12 - 00000000 ____D C:\Users\Zak\AppData\Roaming\85162634
2017-04-25 03:01 - 2017-05-08 23:12 - 00000000 ____D C:\Users\Zak\AppData\Roaming\59155256
2017-04-25 03:01 - 2017-05-08 23:12 - 00000000 ____D C:\Users\Zak\AppData\Roaming\22460370
2017-04-25 03:01 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\7dee3dfd-5c05-0
2017-04-25 03:01 - 2017-05-06 21:20 - 00000000 ____D C:\ProgramData\7dee3dfd-1b61-1
2017-04-25 03:01 - 2017-04-25 09:57 - 00000000 ____D C:\ProgramData\RegisterObject
2017-04-25 03:01 - 2017-04-25 03:12 - 00140288 _____ C:\Users\Zak\AppData\Roaming\Installer.dat
2017-04-25 03:01 - 2017-04-25 03:12 - 00011568 _____ C:\Users\Zak\AppData\Roaming\InstallationConfiguration.xml
2017-04-25 03:01 - 2017-04-25 03:02 - 00014336 _____ C:\Users\Zak\AppData\Local\amling.dll
2017-04-25 03:01 - 2017-04-25 03:02 - 00002048 _____ C:\Users\Zak\AppData\Local\uninstallro.exe
2017-04-25 03:01 - 2017-04-25 03:01 - 00907160 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\WINDOWS\src_srv
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\Users\Zak\AppData\Roaming\HDWallPaper
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\Users\Zak\AppData\Roaming\gplyra
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
2017-04-25 03:01 - 2017-04-25 03:01 - 00000000 ____D C:\Program Files\Real-Exams.net
2017-04-25 03:00 - 2017-05-08 23:12 - 00000000 ____D C:\Users\Zak\AppData\Roaming\58131278
2017-04-25 03:00 - 2017-04-25 03:00 - 00000000 ____D C:\Users\Zak\AppData\Roaming\c
2017-04-25 03:00 - 2017-04-25 03:00 - 00000000 ____D C:\Users\Zak\AppData\Local\frfjunno
2017-04-25 03:00 - 2017-04-25 03:00 - 00000000 ____D C:\Users\Zak\AppData\Local\dyhaztpx
2017-04-25 02:36 - 2017-04-25 02:36 - 00000000 ____D C:\Users\Zak\AppData\LocalLow\Cartoon Network Games
2017-04-25 02:36 - 2017-04-25 02:36 - 00000000 ____D C:\Users\Zak\AppData\Local\CartoonNetworkGames
2017-04-25 02:07 - 2017-04-25 02:07 - 00000000 ____D C:\Users\Zak\Documents\Deus Ex - Mankind Divided - VR
2017-04-25 02:07 - 2017-04-25 02:07 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Eidos Montreal
2017-04-25 01:50 - 2017-04-26 18:17 - 00000000 ____D C:\Users\Zak\Desktop\psvr
2017-04-25 01:27 - 2017-04-25 01:27 - 00000000 ____D C:\Users\Zak\AppData\LocalLow\DefaultCompany
2017-04-25 00:56 - 2017-04-25 00:56 - 00000000 ____D C:\Users\Zak\AppData\Roaming\ATI
2017-04-25 00:56 - 2017-04-25 00:56 - 00000000 ____D C:\Users\Zak\AppData\Local\ATI
2017-04-25 00:56 - 2017-04-25 00:56 - 00000000 ____D C:\ProgramData\ATI
2017-04-25 00:39 - 2017-04-25 03:15 - 939711962 _____ C:\WINDOWS\MEMORY.DMP
2017-04-24 23:01 - 2017-04-24 23:01 - 00000000 ____D C:\Users\Zak\AppData\Local\openvr
2017-04-24 22:58 - 2017-04-24 22:58 - 00000000 ____D C:\Users\Zak\Documents\TrinusPSVR
2017-04-24 22:58 - 2017-04-24 22:58 - 00000000 ____D C:\Users\Zak\AppData\Local\Odd_Sheep_SL
2017-04-24 22:55 - 2017-04-24 22:56 - 00000000 ____D C:\Users\Zak\AppData\Roaming\FreePIE
2017-04-24 22:53 - 2017-04-24 22:53 - 09891840 _____ C:\Users\Zak\Downloads\FreePIE.1.9.629.0.msi
2017-04-24 22:51 - 2017-04-24 22:51 - 00000000 ____D C:\Program Files\DIFX
2017-04-24 22:51 - 2016-11-03 22:45 - 00099128 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusbK.dll
2017-04-24 22:51 - 2016-11-03 22:45 - 00084280 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusbK.dll
2017-04-24 22:50 - 2017-04-24 22:51 - 23364456 _____ (Odd Sheep SL. ) C:\Users\Zak\Downloads\TrinusPSVRSetup.exe
2017-04-24 21:49 - 2017-04-24 21:49 - 00000000 ____D C:\Users\Zak\AppData\Roaming\.mono
2017-04-24 21:46 - 2017-04-25 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program [GOG.com]
2017-04-24 10:02 - 2017-04-24 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-22 13:32 - 2017-04-22 13:34 - 00000000 ____D C:\Users\Zak\AppData\Roaming\EliteG19s
2017-04-22 13:28 - 2017-04-22 13:28 - 00000000 ____D C:\Users\Zak\AppData\Local\Apps\2.0
2017-04-11 23:12 - 2017-03-28 01:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 23:12 - 2017-03-28 01:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-10 09:02 - 2016-11-04 07:28 - 00000000 ____D C:\Users\Zak\AppData\Roaming\uTorrent
2017-05-10 09:01 - 2016-10-27 08:50 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Spotify
2017-05-10 01:27 - 2017-03-18 07:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-10 00:58 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-10 00:32 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-09 23:58 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-09 23:51 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-05-09 23:51 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-05-09 23:34 - 2015-11-17 14:33 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-09 21:40 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-09 21:25 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-09 21:21 - 2016-10-27 08:51 - 00000000 ____D C:\Users\Zak\AppData\Local\Spotify
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-09 13:47 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-09 13:47 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-09 13:35 - 2016-10-27 09:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-09 13:33 - 2016-10-27 09:13 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-08 23:15 - 2016-10-27 11:39 - 00000000 ____D C:\Users\Zak\Documents\My Games
2017-05-08 22:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-08 19:36 - 2017-03-18 23:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-08 18:57 - 2016-11-07 20:58 - 00000000 ____D C:\ProgramData\AMD
2017-05-06 21:28 - 2016-10-27 07:32 - 00000000 ____D C:\Users\Zak\AppData\Local\Packages
2017-04-28 21:05 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-28 21:05 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 14:56 - 2016-10-27 09:00 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-26 10:05 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-25 22:18 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-25 22:16 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-25 19:49 - 2016-10-27 10:49 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-25 18:54 - 2016-11-04 08:34 - 00000000 ____D C:\Users\Zak\Desktop\New folder
2017-04-25 18:53 - 2016-10-27 07:35 - 00002361 _____ C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-25 18:53 - 2016-05-08 00:47 - 00000000 ___RD C:\Users\Zak\OneDrive
2017-04-25 18:43 - 2016-10-27 07:32 - 00000000 ____D C:\Users\Zak\AppData\Local\ConnectedDevicesPlatform
2017-04-25 18:40 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-25 18:40 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-25 18:40 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-25 18:40 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-25 18:38 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-25 18:38 - 2016-10-27 10:49 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-25 18:35 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-25 18:34 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-25 18:29 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-04-25 18:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-25 18:28 - 2017-01-17 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2017-04-25 18:28 - 2017-01-07 20:03 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 18:28 - 2017-01-07 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 18:28 - 2016-12-23 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-25 18:28 - 2016-12-13 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-25 18:28 - 2016-12-04 01:18 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
2017-04-25 18:28 - 2016-10-27 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2017-04-25 18:27 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-25 18:27 - 2016-11-30 21:50 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2017-04-25 18:26 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-25 18:26 - 2017-01-17 18:30 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2017-04-25 18:24 - 2017-01-08 13:05 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-04-25 18:22 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-25 18:21 - 2016-01-11 12:17 - 00000000 ____D C:\AMD
2017-04-25 17:41 - 2016-10-27 08:48 - 00000000 ____D C:\Users\Zak\AppData\Local\Google
2017-04-25 16:38 - 2017-01-07 16:02 - 00000000 ____D C:\GOG Games
2017-04-25 16:38 - 2016-10-27 08:49 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-25 03:28 - 2017-01-21 23:03 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2017-04-25 03:27 - 2016-05-08 08:15 - 00000000 ____D C:\Games
2017-04-25 02:45 - 2016-12-13 15:38 - 00000000 ____D C:\ProgramData\Oracle
2017-04-25 02:39 - 2016-12-13 15:38 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-04-25 02:39 - 2016-12-13 15:38 - 00000000 ____D C:\Program Files\Java
2017-04-10 06:50 - 2016-10-27 07:34 - 00000000 ____D C:\Users\Zak\AppData\Local\Comms
==================== Files in the root of some directories =======
2017-04-25 03:01 - 2017-04-25 03:12 - 0011568 _____ () C:\Users\Zak\AppData\Roaming\InstallationConfiguration.xml
2017-04-25 03:01 - 2017-04-25 03:12 - 0140288 _____ () C:\Users\Zak\AppData\Roaming\Installer.dat
2017-04-25 03:01 - 2017-04-25 03:02 - 0014336 _____ () C:\Users\Zak\AppData\Local\amling.dll
2017-05-10 00:21 - 2017-05-10 00:21 - 0000017 _____ () C:\Users\Zak\AppData\Local\resmon.resmoncfg
2017-04-25 03:01 - 2017-04-25 03:02 - 0002048 _____ () C:\Users\Zak\AppData\Local\uninstallro.exe
2017-04-25 18:22 - 2017-04-25 18:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-08 19:27
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Zak (10-05-2017 09:23:45)
Running from C:\Users\Zak\Downloads
Windows 10 Home Version 1703 (X64) (2017-04-25 22:41:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1184263899-1235007467-3654102174-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1184263899-1235007467-3654102174-503 - Limited - Disabled)
Guest (S-1-5-21-1184263899-1235007467-3654102174-501 - Limited - Disabled)
Zak (S-1-5-21-1184263899-1235007467-3654102174-1002 - Administrator - Enabled) => C:\Users\Zak
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Adventure Time: Magic Man's Head Games (HKLM\...\Steam App 412790) (Version: - Turbo Button)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version: - Infinity Ward)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - )
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 RC Redistributable (x64) - 14.10.24728 (HKLM-x32\...\{197f8e1a-7e93-4cb4-a4f9-19dc2c2c4ee2}) (Version: 14.10.24728.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM\...\Steam App 250820) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {41E08B17-3C7F-46B4-8BEB-C03FE1F38217} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-27] (Google Inc.)
Task: {538C0AEB-EEDB-497A-AF4A-3D90A2499804} - System32\Tasks\{7F7F0D47-797D-0E0E-7811-080B0C79110A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAIAA7ACAAIAA7ACAAOwA7ADsAOwAgADsAIAAgADsAIAAgACAAIAA7ADsAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (the data entry has 10072 more characters). <==== ATTENTION
Task: {5D6F97F7-121F-490F-A9A9-4747D2312D3C} - System32\Tasks\AGProxyCheck => C:\Program
Task: {6454CE27-5741-489F-A997-02E7E612609D} - System32\Tasks\Fix It Monitor => C:\Program Files (x86)\FixIt\FixItConsole.exe <==== ATTENTION
Task: {725BF6D6-8EC7-4653-AD90-07B1264869E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-27] (Google Inc.)
Task: {79643EB9-9DAA-466E-820B-6EFA7F09EBF7} - System32\Tasks\Fix It Task => C:\PROGRA~2\FixIt\FIXITM~1.EXE <==== ATTENTION
Task: {8BAE2371-ECA1-4163-A3E5-CE2CB42340FE} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe <==== ATTENTION
Task: {8DC15A6D-10FD-4818-9D6F-D49CF3C3D031} - System32\Tasks\Fix It Run Delay => C:\Program Files (x86)\FixIt\FixIt.exe <==== ATTENTION
Task: {9C83E627-B219-46C2-8D53-5D88694568A1} - System32\Tasks\{3953FD97-CEFF-D448-97D4-2B7D0CE71E12} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a27b6297\d222843e.dll" <==== ATTENTION
Task: {A0A925CF-1B7A-453B-9D41-96923ABD99FE} - System32\Tasks\{C1D1D63F-767A-6194-4078-1CFA931918EC} => C:\ProgramData\{799625DC-CE3D-9277-7979-112E60601D3C}\4AC3FD61-FD68-4ACA-B20E-CAC2341D7336.exe [2017-05-06] () <==== ATTENTION
Task: {A19A0AA0-4BDA-429E-BDAE-9BBE358EBC57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterObject => C:\\ProgramData\\RegisterObject\\RegisterObject.exe [2017-04-09] () <==== ATTENTION
Task: {B020D854-1B96-4DC0-9A27-EFD50A82C13A} - System32\Tasks\{1EAC7268-31AC-405A-9D79-96BD98347B03} => pcalua.exe -a C:\Users\Zak\AppData\Local\uninstallro.exe
Task: {D9282CC5-668F-45E1-8985-743E0D89623F} - System32\Tasks\FixItPeriod => C:\Program Files (x86)\FixIt\FixIt.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\FixItPeriod.job =>
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 21:04 - 2017-05-10 01:27 - 00336384 _____ () C:\WINDOWS\TEMP\gB2B2.tmp.exe
2017-05-08 19:00 - 2017-05-10 01:28 - 00469504 _____ () C:\WINDOWS\TEMP\gA7EB.tmp.exe
2017-04-25 03:01 - 2017-05-10 09:00 - 00624640 _____ () C:\Windows\System32\NetUtils2016.dll
2016-11-21 17:19 - 2016-11-21 17:19 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-30 19:12 - 2016-06-30 19:12 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-30 19:12 - 2016-06-30 19:12 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-30 19:12 - 2016-06-30 19:12 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-06-30 19:12 - 2016-06-30 19:12 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-30 19:12 - 2016-06-30 19:12 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-30 19:12 - 2016-06-30 19:12 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-01-13 20:09 - 2017-01-13 20:09 - 00896512 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-01-20 20:18 - 2017-01-20 20:18 - 01087488 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-05-06 21:30 - 2017-05-01 21:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libglesv2.dll
2017-05-06 21:30 - 2017-05-01 21:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libegl.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Users\Zak\AppData\Local\ntuserlitelist\dataup\help_dll.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-10-27 10:49 - 2017-04-25 03:00 - 00000918 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 82.163.143.157 - 82.163.142.159
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "gplyra"
HKLM\...\StartupApproved\Run32: => "AnonymizerGadget"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "SJKE5MM5TH8X1F2"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "P915QK7E1GNJ0P7"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "X8052LYV8RSBPMB"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "K7ITTLK5X84KSY4"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "TVHHEQ76OI9YKO2"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "1OIUO1NUCL802ZF"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "Y6Y02RP3YTDWAQO"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "R2J4UNWX4Z7O1KX"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "A3KMS5FB1CFGNAW"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "GP3F01PS6TDQBHE"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "0QDRD030FUZVBFC"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "DTP3U44RET97WR9"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "8XJ0WHEE20GRDRE"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "9MY2EUIQ6S3WKDX"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "Q9F2Y6QME6VDURQ"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "G2MYBCQYIS2ICNV"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "EGZ4SQFCY1UFUCW"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "QCXOHJ5G7WH2LY3"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "ETIGUX4UJQ7T8W6"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "9NE0LLO1P36Z4Y9"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "amling"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "183077"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "124468"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "845950"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "53050"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "264031"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "610530"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "959317"
HKU\S-1-5-21-1184263899-1235007467-3654102174-1002\...\StartupApproved\Run: => "Spoutly.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{545E3616-781B-4D3B-A767-6EC3181DD50B}C:\users\zak\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zak\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{2B3F3454-A587-4B10-B5E0-F103F80BDA7C}C:\users\zak\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zak\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F45772C8-CBBE-463F-8190-776B9E953EE0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5BB6AB59-1330-4E99-A9AB-D2CC08E1053A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{294789B3-BE96-4A85-AA85-B0412A0B5033}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19695C43-50BA-4D89-AC9D-7E9E094ECC2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{861DDA7A-D9A7-4762-8C4E-ECEAB5372DEE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{D2705FE5-04A0-42F3-9958-E954445F4DC3}C:\users\zak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zak\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{84592782-1932-4C39-AE08-C6CA0205295A}C:\users\zak\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zak\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C223B17F-6E7C-4139-AEF1-7FA1924F7ADD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{959FD429-505A-428B-9F6D-C00DAF287C64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [TCP Query User{4FBF8117-C4A2-45FF-B931-FF6E2D157465}C:\users\zak\appdata\local\temp\rar$exa0.798\win64\bin\psmoveservice.exe] => (Allow) C:\users\zak\appdata\local\temp\rar$exa0.798\win64\bin\psmoveservice.exe
FirewallRules: [UDP Query User{BF7DA381-1A4D-4AEF-8EA2-73B1C25330C5}C:\users\zak\appdata\local\temp\rar$exa0.798\win64\bin\psmoveservice.exe] => (Allow) C:\users\zak\appdata\local\temp\rar$exa0.798\win64\bin\psmoveservice.exe
FirewallRules: [TCP Query User{2889032E-5250-47ED-ACDC-0732F8445266}C:\users\zak\desktop\psvr\psmove service\win64\bin\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\psmove service\win64\bin\psmoveservice.exe
FirewallRules: [UDP Query User{10439D4D-AAE0-4D80-9D07-D4A52C264BAE}C:\users\zak\desktop\psvr\psmove service\win64\bin\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\psmove service\win64\bin\psmoveservice.exe
FirewallRules: [TCP Query User{3E90A2F1-4AA7-4F9F-9173-2F28DB274E60}C:\users\zak\desktop\psvr\ps move service 6\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\ps move service 6\psmoveservice.exe
FirewallRules: [UDP Query User{2CD8851B-6CAD-4F83-96E5-E15219788638}C:\users\zak\desktop\psvr\ps move service 6\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\ps move service 6\psmoveservice.exe
FirewallRules: [TCP Query User{8C85BC00-4702-4E7F-B35C-94CDFBE020CF}C:\users\zak\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zak\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{88E3D33F-F9D0-4D39-92A7-63F6B980E90C}C:\users\zak\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zak\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{DE986302-4359-4E60-A0E3-F1497A8F1805}C:\users\zak\desktop\psvr\psvr6\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\psvr6\psmoveservice.exe
FirewallRules: [UDP Query User{84F1BF0A-1598-4413-9432-F04DC5CBBF5D}C:\users\zak\desktop\psvr\psvr6\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\psvr6\psmoveservice.exe
FirewallRules: [{9BA1B0C7-E799-4711-B903-A4E0F4BC7EEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{E7116096-493A-4D10-AF7C-6CA8572AEC7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [TCP Query User{26149877-C4AA-44AB-80F4-C2E99D02F89D}C:\users\zak\desktop\psvr\win64\bin\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\win64\bin\psmoveservice.exe
FirewallRules: [UDP Query User{EB8352D8-CDF7-4B1A-B667-4D396501F3FD}C:\users\zak\desktop\psvr\win64\bin\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\win64\bin\psmoveservice.exe
FirewallRules: [TCP Query User{BFD0809B-249B-4436-B12B-A4EED1B465AE}C:\users\zak\desktop\psvr\bridge\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\bridge\psmoveservice.exe
FirewallRules: [UDP Query User{F2C91BDF-CD35-41E1-80CA-BCEDAAFB0148}C:\users\zak\desktop\psvr\bridge\psmoveservice.exe] => (Allow) C:\users\zak\desktop\psvr\bridge\psmoveservice.exe
FirewallRules: [TCP Query User{5E26FC86-6462-4183-8F67-45FE1A85FC7C}C:\program files (x86)\steam\steamapps\common\trials on tatooine\kona\binaries\win64\kona-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\trials on tatooine\kona\binaries\win64\kona-win64-shipping.exe
FirewallRules: [UDP Query User{ACFAED70-2DF5-496A-B9B9-29711597101B}C:\program files (x86)\steam\steamapps\common\trials on tatooine\kona\binaries\win64\kona-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\trials on tatooine\kona\binaries\win64\kona-win64-shipping.exe
FirewallRules: [TCP Query User{AC1FCA69-E8EC-4BD3-9436-59960B1AE22A}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{57769A84-B246-4941-886B-F0B892756AE6}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{39E4C08C-6983-470B-9399-68BD9E292CF8}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{8A5338BE-A1C7-463B-838B-229CC890BE8D}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{A72EEC2D-6B1A-4FAD-8405-4649F9D22640}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D6BE8E46-D539-4EC2-BB7F-2B8F84185D07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{F57075A1-266B-45C3-9DCE-ED08D2EF44A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{C44A1B3F-6DC1-4103-9119-B2067B67FB78}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{B2AE392E-D157-4C98-A277-4B4B875C902F}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{82100522-7B08-4299-81B5-84CBEAABF0D3}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{F26D0D6B-5E47-4B10-99C8-DE8684E5C035}] => (Allow) C:\Windows\System32\rundll32.exe
==================== Restore Points =========================
09-05-2017 23:21:14 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/10/2017 01:28:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 01:28:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 01:28:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 01:28:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 01:28:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 01:28:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app 9E2F88E3.Twitter_wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 01:28:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 01:28:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 12:59:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-SOECPED)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (05/10/2017 12:59:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-SOECPED)
Description: Package Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
System errors:
=============
Error: (05/10/2017 01:28:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server microsoft.windowscommunicationsapps_17.8126.42377.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server Microsoft.MicrosoftOfficeHub_17.8107.7600.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXrqs94aemecwbtd1veqtvyn34m9ks80g7.mca did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server microsoft.windowscommunicationsapps_17.8126.42377.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:51 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-SOECPED)
Description: Unable to start a DCOM Server: Microsoft.People_10.2.831.0_x64__8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXzejyt9r85hqcnkedyedn8h8akaf9sz0q.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca
Error: (05/10/2017 01:28:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server Microsoft.People_10.2.831.0_x64__8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mca did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server 9E2F88E3.Twitter_5.7.1.0_x86__wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx.AppXd7yv3gyg9bkzg9pz33y90tg33g3ketmr.mca did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:50 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
Error: (05/10/2017 01:28:50 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SOECPED)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2017-04-27 17:05:08.284
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 16:36:16.355
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 16:02:42.714
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 15:35:35.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 14:57:04.990
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\WinMetadata\Windows.Graphics.winmd because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 14:57:04.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 09:18:24.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 08:44:21.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 08:12:04.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 00:36:24.980
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Windows.UI.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX-8320 Eight-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 24557.55 MB
Available physical RAM: 18763.5 MB
Total Virtual: 28141.55 MB
Available Virtual: 21471.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1862.53 GB) (Free:1713.09 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.51 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 87ECA50B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
==================== End of Addition.txt ============================