Infected by ransomware. Please Help, I'm terrified.



#1
SuprememMystique

  • Member
  • 19 posts

https://imgur.com/a/fmJfu

 

According to Hitman Pro, I'm infected with ransomware. Unfortunately, I can't quarantine it because I'm using a trial edition of HM Pro. I tried doing a quick scan with Avast and Malwarebytes and nothing showed up. Please help me out, I don't want them to access my private information or get access to my banking account. What should I do?


  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

If Avast & MBAM didn't flag it I expect it's a false positive.  Hitman is a piece of junk that often leaves a PC unbootable so I would uninstall it.  You can submit the file to virustotal and see what they say:

 

 
Easiest way to submit a file is to copy the path:
 
c:\Windows\System32\spoolsv.exe  (This is an example since I can't read the full path of yours.)
 
Then
Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 50+ different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 50+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
 

 

Let's do a FRST scan so we can see what is going on:
 
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0
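
A first-pass triage of the FRST.txt log that the scan above produces, as an added example that is not part of the original posts or of FRST itself: it splits the log on its `==== Section ====` headers and lists the lines carrying markers visible in the log posted in this thread (`<==== ATTENTION`, `<not found>`, an empty `()` publisher field). The rule names and the reading of `()` as "no publisher recorded" are assumptions; the sample lines are copied from that log.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Sample input: a handful of lines copied from the FRST log posted in this
# thread, arranged as a short constructed excerpt so the script runs offline.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

===================== Drivers (Whitelisted) ======================

R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-06] (AVAST Software)
"""


class Finding(NamedTuple):
    section: str   # log section the entry came from
    reason: str    # which rule matched (names are this example's own)
    entry: str     # the log line, whitespace-trimmed


# "==================== Name (Whitelisted) ====" style section headers.
# Requiring spaces around the name skips bare "=====" underlines.
HEADER = re.compile(r"^={5,} (.+?) ={5,}\s*$")

# Markers taken from the log in this thread. Treating "()" as a missing
# publisher is an assumption of this example, not documented FRST behaviour.
RULES = [
    ("attention-marker", re.compile(r"<==== ATTENTION")),
    ("target-not-found", re.compile(r"<not found>")),
    ("no-publisher", re.compile(r"^\(\)\s|\s\(\)$")),
]


def split_sections(log_text):
    """Group non-empty log lines under the section header preceding them."""
    sections = defaultdict(list)
    current = "Header"  # lines before the first section header
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes often add indentation or NBSPs
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = match.group(1).replace(" (Whitelisted)", "")
            continue
        sections[current].append(line)
    return sections


def triage(log_text):
    """Return de-duplicated findings in the order they appear in the log."""
    findings, seen = [], set()
    for section, lines in split_sections(log_text).items():
        for line in lines:
            for reason, pattern in RULES:
                key = (section, reason, line)
                if pattern.search(line) and key not in seen:
                    seen.add(key)
                    findings.append(Finding(*key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.entry}")
```

A flagged line is only a prompt for a closer look: an empty publisher field or a leftover `<not found>` entry also appears on legitimate software, as the entries in this log show.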

    #3
    SuprememMystique

    • Topic Starter
    • Member
    • 19 posts

    For the first file, it had 1 result. For the 2nd and 3rd file, it had 3/64 for both. This reply won't let me paste the results because of the image but I can link them

     

    https://www.virustot...c0c45/detection

    https://www.virustot...b4bf2/detection

    https://www.virustot...92258/detection

     
     
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
    Ran by pahmadi (administrator) on PAPC (21-09-2017 11:50:52)
    Running from E:\
    Loaded Profiles: pahmadi (Available Profiles: pahmadi)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) E:\iTunesHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-10] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-06] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => E:\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation)
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [53208 2016-08-31] (AVAST Software)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-02-02]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-13]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\pahmadi\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-08-11]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{69a5be69-089f-41a1-a58b-ce1fe64b399c}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3840187337-3860288294-2545479360-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
     
    FireFox:
    ========
    FF DefaultProfile: avgppbx6.default
    FF ProfilePath: C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default [2017-09-21]
    FF Extension: (Avira Browser Safety) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-07-25]
    FF Extension: (Avast SafePrice) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-06-01]
    FF Extension: (uBlock Origin) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-07-25]
    FF Extension: (Avast Online Security) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-09-06]
    FF Extension: (Adblock Plus) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-18] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-09] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-09] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
    CHR Extension: (Google Slides) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-10]
    CHR Extension: (Google Docs) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-10]
    CHR Extension: (Google Drive) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-10]
    CHR Extension: (YouTube) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10]
    CHR Extension: (uBlock Origin) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-06]
    CHR Extension: (Adblock for Youtube™) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
    CHR Extension: (Google Search) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-10]
    CHR Extension: (Google Sheets) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-10]
    CHR Extension: (Google Docs Offline) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (AdBlock) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21]
    CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
    CHR Extension: (Gmail) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-10]
    CHR Extension: (Chrome Media Router) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-06] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-06] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-15] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
    S3 Origin Client Service; E:\Origin\OriginClientService.exe [2098528 2017-09-12] (Electronic Arts)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-06] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-06] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-06] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-06] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-06] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-06] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-06] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-06] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-06] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-06] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-06] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-06] (AVAST Software)
    S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [595456 2014-09-19] (C-MEDIA)
    R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
    R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
    R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
    R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
    R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-21] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9ab613610b40aa98\nvlddmkm.sys [15610296 2017-08-10] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
    R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
    R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-09-21 11:14 - 2017-09-21 11:14 - 000001390 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\Program Files\iTunes
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\Program Files\iPod
    2017-09-21 11:12 - 2017-09-21 11:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-09-21 11:12 - 2017-09-21 11:12 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-09-20 21:51 - 2017-09-20 21:55 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\vlc
    2017-09-19 21:35 - 2017-09-20 00:12 - 000000000 ____D C:\Users\pahmadi\.atom
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Atom
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Local\SquirrelTemp
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Local\atom
    2017-09-19 21:34 - 2017-09-19 21:34 - 000002255 _____ C:\Users\pahmadi\Desktop\Atom.lnk
    2017-09-19 21:34 - 2017-09-19 21:34 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2017-09-15 09:13 - 2017-09-15 09:13 - 000000684 _____ C:\Users\pahmadi\Desktop\NBA 2K18.lnk
    2017-09-15 09:13 - 2017-09-15 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K18
    2017-09-15 01:26 - 2017-09-15 01:26 - 000000218 _____ C:\Users\pahmadi\AppData\Local\recently-used.xbel
    2017-09-12 23:19 - 2017-09-12 23:19 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-09-12 15:27 - 2017-09-12 15:28 - 000000000 ____D C:\Users\pahmadi\Documents\FIFA 18 Demo
    2017-09-12 15:26 - 2017-09-12 15:26 - 000000949 _____ C:\Users\Public\Desktop\FIFA 18 DEMO.lnk
    2017-09-12 15:26 - 2017-09-12 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 18 DEMO
    2017-09-12 14:26 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-09-12 14:26 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-09-12 14:26 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-09-12 14:26 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2017-09-12 14:26 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-09-12 14:26 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-09-12 14:26 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-09-12 14:26 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-09-12 14:26 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-09-12 14:26 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2017-09-12 14:26 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-09-12 14:26 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2017-09-12 14:26 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-09-12 14:26 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-09-12 14:26 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-09-12 14:26 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2017-09-12 14:26 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-09-12 14:26 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-09-12 14:26 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
    2017-09-12 14:26 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-09-12 14:26 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-09-12 14:26 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2017-09-12 14:26 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2017-09-12 14:26 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-09-12 14:26 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
    2017-09-12 14:26 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2017-09-12 14:26 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2017-09-12 14:26 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-09-12 14:26 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-09-12 14:26 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2017-09-12 14:26 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2017-09-12 14:26 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2017-09-12 14:26 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-09-12 14:26 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-09-12 14:26 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-09-12 14:26 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-09-12 14:26 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
    2017-09-12 14:26 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-09-12 14:26 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2017-09-12 14:26 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-09-12 14:26 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-09-12 14:26 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
    2017-09-12 14:26 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2017-09-12 14:26 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-09-12 14:26 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2017-09-12 14:26 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-09-12 14:26 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-09-12 14:26 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2017-09-12 14:26 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-09-12 14:26 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2017-09-12 14:25 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-09-12 14:25 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-09-12 14:25 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-09-12 14:25 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2017-09-12 14:25 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-09-12 14:25 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2017-09-12 14:25 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2017-09-12 14:25 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-09-12 14:25 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-09-12 14:25 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-09-12 14:25 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2017-09-12 14:25 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2017-09-12 14:25 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-09-12 14:25 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-09-12 14:25 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-09-12 14:25 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-09-12 14:25 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-09-12 14:25 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-09-12 14:25 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2017-09-12 14:25 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-09-12 14:25 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-09-12 14:25 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-09-12 14:25 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2017-09-12 14:25 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2017-09-12 14:25 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-09-12 14:25 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2017-09-12 14:25 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-09-12 14:25 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2017-09-12 14:25 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2017-09-12 14:25 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-09-12 14:25 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-09-12 14:25 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-09-12 14:25 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-09-12 14:25 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2017-09-12 14:25 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-09-12 14:25 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-09-12 14:25 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2017-09-12 14:25 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2017-09-12 14:25 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-09-12 14:25 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-09-12 14:25 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
    2017-09-06 18:31 - 2017-09-06 18:31 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-09-21 11:50 - 2016-04-20 11:27 - 000000000 ____D C:\FRST
    2017-09-21 11:14 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
    2017-09-21 11:12 - 2016-07-10 21:39 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-09-21 11:07 - 2016-11-26 14:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-09-21 10:50 - 2017-07-05 22:20 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-09-21 10:50 - 2016-01-01 14:02 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-09-21 00:34 - 2017-07-05 22:24 - 000003132 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
    2017-09-20 23:11 - 2017-07-05 22:24 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDA24C7D-A729-4B38-AE7D-A3D379BB6853}
    2017-09-20 16:44 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-09-19 21:38 - 2015-12-29 15:25 - 000000000 ____D C:\Users\pahmadi\AppData\Local\CrashDumps
    2017-09-19 21:35 - 2017-07-05 22:20 - 000000000 ____D C:\Users\pahmadi
    2017-09-19 14:20 - 2017-07-05 22:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-09-19 11:06 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-09-15 18:17 - 2016-04-22 18:06 - 000000000 ____D C:\Users\pahmadi\Downloads\fraps
    2017-09-15 09:27 - 2016-01-12 00:26 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\2K Sports
    2017-09-14 18:39 - 2015-12-13 19:16 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\deluge
    2017-09-14 01:09 - 2015-12-22 15:58 - 000000000 ____D C:\ProgramData\Origin
    2017-09-13 22:07 - 2015-12-22 15:59 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Origin
    2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-09-12 23:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-09-12 22:05 - 2016-04-02 23:15 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-09-12 21:15 - 2017-07-05 22:29 - 001165114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-09-12 21:11 - 2017-07-05 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-12 21:11 - 2017-07-05 22:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-09-12 21:11 - 2017-07-05 22:19 - 000381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-12 21:11 - 2017-03-18 07:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-09-12 16:46 - 2017-07-05 22:24 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:24 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:24 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:24 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:24 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:24 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:24 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-12 16:46 - 2017-07-05 22:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-09-12 16:46 - 2017-07-05 22:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-09-12 16:46 - 2016-10-08 14:35 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2017-09-12 15:26 - 2016-09-13 14:08 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
    2017-09-12 15:25 - 2015-12-10 22:03 - 000000000 ____D C:\ProgramData\Package Cache
    2017-09-12 14:29 - 2015-12-13 18:58 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-09-12 14:28 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-09-12 14:28 - 2015-12-13 18:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-09-08 22:31 - 2017-07-27 15:30 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3840187337-3860288294-2545479360-1001
    2017-09-08 22:31 - 2016-04-02 23:17 - 000002373 _____ C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-08 22:31 - 2016-01-30 00:31 - 000000000 ___RD C:\Users\pahmadi\OneDrive
    2017-09-07 10:19 - 2017-08-11 19:20 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 4 Browser.lnk
    2017-09-07 10:19 - 2017-07-05 22:24 - 000004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458685729
    2017-09-06 18:31 - 2017-07-19 19:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
    2017-09-06 18:31 - 2017-07-05 22:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-09-06 18:31 - 2016-03-22 18:28 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-09-02 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-09-02 11:15 - 2017-03-18 17:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-31 17:59 - 2017-05-19 10:02 - 000000000 ____D C:\Users\pahmadi\AppData\LocalLow\Mozilla
    2017-08-30 02:39 - 2015-12-27 22:54 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Audacity
    2017-08-28 18:16 - 2015-12-10 22:49 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-28 18:16 - 2015-12-10 22:49 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
     
    ==================== Files in the root of some directories =======
     
    2015-12-10 23:50 - 2015-12-23 20:29 - 001065984 _____ () C:\Users\pahmadi\AppData\Local\file__0.localstorage
    2017-09-15 01:26 - 2017-09-15 01:26 - 000000218 _____ () C:\Users\pahmadi\AppData\Local\recently-used.xbel
    2016-08-08 21:32 - 2016-08-08 21:32 - 000007605 _____ () C:\Users\pahmadi\AppData\Local\Resmon.ResmonCfg
    2017-07-05 22:20 - 2017-07-05 22:20 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-12-26 02:30 - 2017-03-09 15:30 - 000005943 _____ () C:\ProgramData\NvTelemetryContainer.log
    2016-12-26 02:30 - 2017-03-09 02:16 - 000008442 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
     
    Some files in TEMP:
    ====================
    2017-05-31 12:17 - 2017-05-18 01:21 - 000869200 _____ (NVIDIA Corporation) C:\Users\pahmadi\AppData\Local\Temp\nvSCPAPI64.dll
    2017-08-14 23:40 - 2017-05-18 01:21 - 000367552 _____ (NVIDIA Corporation) C:\Users\pahmadi\AppData\Local\Temp\nvStInst.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-09-12 23:18
     
    ==================== End of FRST.txt ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
    Ran by pahmadi (21-09-2017 11:51:18)
    Running from E:\
    Windows 10 Home Version 1703 (X64) (2017-07-06 02:27:10)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3840187337-3860288294-2545479360-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3840187337-3860288294-2545479360-503 - Limited - Disabled)
    Guest (S-1-5-21-3840187337-3860288294-2545479360-501 - Limited - Disabled)
    pahmadi (S-1-5-21-3840187337-3860288294-2545479360-1001 - Administrator - Enabled) => C:\Users\pahmadi
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.28 - NVIDIA Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Atom (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\atom) (Version: 1.20.1 - GitHub Inc.)
    Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
    Batman: Arkham Origins - The Complete Edition (HKLM-x32\...\Batman: Arkham Origins - The Complete Edition_is1) (Version:  - )
    Bayonetta (HKLM-x32\...\Bayonetta_is1) (Version:  - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
    Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
    Deus Ex: Mankind Divided (HKLM-x32\...\Deus Ex: Mankind Divided_is1) (Version:  - )
    Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
    Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
    FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts)
    FIFA 17 (HKLM\...\FIFA 17_is1) (Version: 1.0.0.0 - )
    FIFA 17 DEMO (HKLM-x32\...\{39C00B2C-EA3C-4A6B-AECF-DADA0F09C2AE}) (Version: 1.0.45.26330 - Electronic Arts)
    FIFA 18 DEMO (HKLM-x32\...\{5D17162D-8095-4B35-B41F-6F55D154E9F9}) (Version: 1.0.49.32463 - Electronic Arts)
    Fraps (HKLM-x32\...\Fraps) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Hellblade: Senua's Sacrifice (HKLM-x32\...\Hellblade: Senua's Sacrifice_is1) (Version:  - )
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
    Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
    Intel® Driver Update Utility 2.2.0.5 (HKLM-x32\...\{C4FB3CF4-C845-4746-A9F5-476908266433}) (Version: 2.2.0.1 - Intel) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
    Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
    iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
    Life is Strange: Complete Season 1 (HKLM-x32\...\Life is Strange: Complete Season 1_is1) (Version:  - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC (HKLM-x32\...\Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC_is1) (Version: Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC - Repack by Fenixx (09.03.2013))
    MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
    MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
    NBA 2K18 (HKLM-x32\...\NBA 2K18_is1) (Version:  - )
    NieR: Automata - LOSSLESS Videos (HKLM-x32\...\NieR: Automata - LOSSLESS Videos_is1) (Version:  - )
    NieR: Automata (HKLM-x32\...\NieR: Automata_is1) (Version:  - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.28 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
    NVIDIA Graphics Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.28 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 359.06 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
    Online Plug-in (HKLM-x32\...\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.40.723.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
    RivaTuner Statistics Server 7.0.0 Beta 19 (HKLM-x32\...\RTSS) (Version: 7.0.0 Beta 19 - Unwinder)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    SafeZone Stable 1.46.1990.139 (HKLM-x32\...\SafeZone 1.46.1990.139) (Version: 1.46.1990.139 - Avast Software) Hidden
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Self-service Plug-in (HKLM-x32\...\{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}) (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tales from the Borderlands: Episodes 1-5 (HKLM-x32\...\Tales from the Borderland: Episodes 1-5_is1) (Version:  - )
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com)
    The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
    The Wolf Among Us (HKLM-x32\...\1432213513_is1) (Version: 2.0.0.1 - GOG.com)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.6 - Tweaking.com)
    Undertale (HKLM-x32\...\1456487183_is1) (Version: 2.0.0.2 - GOG.com)
    Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
    WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Notepad++\NppShell_06.dll [2015-04-15] ()
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt32.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-09] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt32.dll [2016-08-15] (Alexander Roshal)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {03EEA146-A8F7-49FA-9FDC-399368674EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {1161DB32-B106-4150-A05C-F03DD342040C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
    Task: {11CD550D-A54B-4E26-BC57-3D707352E83F} - \WPD\SqmUpload_S-1-5-21-3840187337-3860288294-2545479360-1001 -> No File <==== ATTENTION
    Task: {17FF7A46-AF93-43E9-8DD3-2C5625FBC6C3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
    Task: {1A3AA77B-A047-4E7B-A823-CE7EA658195D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
    Task: {20301EF5-5634-4ABE-B168-990F137FFD01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {215E06F6-8B61-4ADD-93C6-83AD929FECED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
    Task: {293ECE89-1EE4-481A-AE73-CE2D69592DAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Users\pahmadi\Desktop\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3E61960E-A359-4152-819F-7696FB4D2D0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {3F39E832-9B28-46B1-A9DF-88EF5D9A86B7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-05] (Microsoft Corporation)
    Task: {4A69CA0A-C886-4943-9B69-E0D8112B23BF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
    Task: {52AA92AD-C352-4470-B7CD-E30E3EC6A8CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
    Task: {63B35ABE-F9E5-40DA-BF89-1FF3AEF5F7E9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
    Task: {65F26281-1EE2-45EC-A22A-7CDA1ACFA820} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-06] (AVAST Software)
    Task: {6EA1888A-00D8-4712-9066-8820428EAF18} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
    Task: {6FE5844E-AFF1-494E-B989-662630E40EBB} - System32\Tasks\{394C945B-1D25-4C06-9BC8-E602C092BE8D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServiceUninstaller.exe" -c -u "webfas-79f28e00@@WEBFAS.SPSS 23"
    Task: {7C0F459B-8BEE-416E-9F12-8AF67B56CFEB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
    Task: {91DE6FB3-189B-4541-9692-D0E0898E5669} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
    Task: {A11D7057-70C3-420E-9E41-9FDB181A1954} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
    Task: {A2A1F7C0-AF02-46F7-9919-ACBAA2467273} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
    Task: {A848605E-F5E3-468C-9F94-1AA7B030CE6F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
    Task: {BA705F22-48E7-4913-9B25-D9EC64128D57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
    Task: {C2168DDA-B9F9-4EE1-97D6-2EB90DF024D7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
    Task: {C728BBE0-E23E-483C-BA1F-3339283CEF09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
    Task: {D1B26571-4B28-4800-97D8-F55B8F0EB175} - System32\Tasks\SafeZone scheduled Autoupdate 1452366284 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {E14DFEF5-B3E1-4FC4-86EE-A4615D7B1534} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
    Task: {F0CD125B-D426-4881-8DFC-AFBEECC9FC01} - System32\Tasks\SafeZone scheduled Autoupdate 1458685729 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {FFA4B6B6-FBD2-46CF-A37D-95B6F8476D37} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2016-10-08 14:35 - 2017-08-18 00:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2015-12-09 03:59 - 2015-12-09 03:59 - 000580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    2016-05-17 20:31 - 2017-01-29 09:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2014-05-01 10:13 - 2016-12-23 22:20 - 000592384 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll
    2015-04-15 16:13 - 2015-04-15 16:13 - 000222720 _____ () E:\Notepad++\NppShell_06.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-08-26 12:02 - 2017-08-26 12:02 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
    2017-08-28 18:15 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
    2017-08-28 18:15 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
    2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () E:\zlib1.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () E:\libxml2.dll
    2014-11-10 13:12 - 2014-11-10 13:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2016-05-17 20:31 - 2017-01-29 05:46 - 008929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
    2014-05-01 10:15 - 2016-12-23 22:20 - 000564736 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX32.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
    2015-12-07 12:44 - 2015-12-07 12:44 - 000225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
    2015-12-07 12:44 - 2015-12-07 12:44 - 000657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-07-03 15:54 - 2017-07-03 15:54 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-10-08 14:35 - 2017-08-18 00:36 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
    2016-10-08 14:35 - 2017-08-18 00:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Control Panel\Desktop\\Wallpaper -> e:\thumb-350-320986.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\Services: AvastVBoxSvc => 3
    MSCONFIG\Services: lfsvc => 3
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{72059826-2DD2-4806-968A-AF6A5707D6C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{5240993E-7C06-4819-AE2D-792150AC5436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{D2159E97-4F9A-4EB7-8489-EBB523E91B21}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{8FAC55E1-7DD8-45DC-8173-3421D9474730}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [UDP Query User{E57C0B53-27B0-4A05-B161-FEBE51127EB5}E:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) E:\games\prey\binaries\danielle\x64\release\prey.exe
    FirewallRules: [TCP Query User{9532DEA5-4D41-4D82-9554-38BA3161DE74}E:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) E:\games\prey\binaries\danielle\x64\release\prey.exe
    FirewallRules: [UDP Query User{8BE371AF-9C90-4E41-A572-20B6D5AC2588}E:\games\a wii usb folder\wiiu_usb_helper.exe] => (Block) E:\games\a wii usb folder\wiiu_usb_helper.exe
    FirewallRules: [TCP Query User{F8AB09C5-8F76-4F14-9EA5-50879FB1A040}E:\games\a wii usb folder\wiiu_usb_helper.exe] => (Block) E:\games\a wii usb folder\wiiu_usb_helper.exe
    FirewallRules: [UDP Query User{204E2CDB-3750-4EA3-924F-7E4EB58D22DB}E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe] => (Block) E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe
    FirewallRules: [TCP Query User{EFD941EB-2B7E-46A8-95A5-36745D44E206}E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe] => (Block) E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe
    FirewallRules: [{A2770855-C28A-436F-B7B5-FB4694B8B0FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{2AD3F555-8299-48AD-A3CC-BD8087E085BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{F9AA4DBC-EC00-44F7-9A4E-36D3FB1F25CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{E63CE914-42FC-44D6-947A-69DC000684A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{6359BCAF-F074-4DCE-8BB7-03AD47A369B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{647CF0F7-FB28-4988-A356-1088FC5A82EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{854D8606-698D-465D-BAE6-865F512EBB7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [UDP Query User{DE046CCC-CFE7-4202-92A5-FBC312F3F7E1}E:\games\call of duty - infinite warfare\iw7_ship.exe] => (Block) E:\games\call of duty - infinite warfare\iw7_ship.exe
    FirewallRules: [TCP Query User{024F33C9-AE3D-47FD-99AD-08B9BAD565C5}E:\games\call of duty - infinite warfare\iw7_ship.exe] => (Block) E:\games\call of duty - infinite warfare\iw7_ship.exe
    FirewallRules: [{C77B9B18-0470-474B-A935-63EB2A24BC45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{645D940D-CCFC-4B3C-9BB5-CDC1CE5BE746}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{383F5EEF-1397-4FBA-B82B-117143F7B133}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{12532985-8E2E-4E08-BD0B-5F51C6D1B918}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe
    FirewallRules: [{524F7B37-3DAB-4C8B-9210-6BFB66ACB0D9}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe
    FirewallRules: [{16677B84-4748-4237-B403-E469364BE627}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
    FirewallRules: [{C75099FD-5390-4559-8402-46DB636B455F}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
    FirewallRules: [{3C2C5BEA-A485-452B-B949-F14A3F9A26A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F2C0810A-DCF7-4535-A50D-A1D1456D81E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{D2D16456-5462-43A5-9952-B86A731BEF1A}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
    FirewallRules: [TCP Query User{41A32F6C-725C-44AA-A33F-55A0DCF2FDC5}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
    FirewallRules: [UDP Query User{978D1139-1FC1-4243-923F-BEA0D15F4858}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [TCP Query User{AFBEE18E-242D-4129-9359-89A9D426F29A}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [UDP Query User{D0B18DAB-1886-4A2F-95CF-976AC12D838D}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [TCP Query User{C387CD3A-976C-4FE2-A43A-100D61105E8A}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [UDP Query User{C6319E23-8E89-4DBD-A16D-9D18815EDFFE}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
    FirewallRules: [TCP Query User{46589999-D8D3-413C-9367-315AFCF8FB1B}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{7B70A298-F8C9-4FFA-ABA6-8BC9BEA6F9E1}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
    FirewallRules: [TCP Query User{25E0CD3E-D64B-4D03-ABDF-159D0DAB5F17}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
    FirewallRules: [{4B86F244-3CF5-4EE8-89D3-399EF653E8C1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{BE3A0F63-2D5A-419C-979C-9F7FF66162F1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [UDP Query User{F3A8869C-2FD0-4FAB-9378-D7EAA12867AB}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
    FirewallRules: [TCP Query User{3B9C4912-B9FF-41FA-A101-14A7746128CE}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
    FirewallRules: [UDP Query User{1099DD03-C3B6-46FE-B456-34236D2D1C41}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
    FirewallRules: [TCP Query User{417CC0D1-BF2E-49E3-A7CD-9332F0E162BD}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
    FirewallRules: [{C0035F1A-4351-448B-B6C7-B18D2FAA8CB7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{179DA074-1FAF-4DBF-84D5-C2DC74D1690F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{88C51A6B-E858-474E-8B91-1F1D4544146E}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8C0AC25C-317B-4A99-A39A-601F4D50DF8A}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{53340FB0-430E-48D2-975A-8629E682008F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FA146FD5-EAE5-4D45-9A89-564DC41F81B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A6882C60-CA13-4CD0-A35D-4ED83A85E011}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{878AB48C-196F-4928-B019-9A1EE47529F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{A2A341C9-BEE9-4EC8-B47D-B603684241F5}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
    FirewallRules: [{4431F62C-829D-498E-9500-10F6F961B08C}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
    FirewallRules: [TCP Query User{E3D8EBF8-AC60-4308-9A6E-46D7D36C2365}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [UDP Query User{332770D5-E53D-4743-8A26-2805899A5A95}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [{CEE51D2C-6F58-4B44-80DF-7470B507D4F7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E7715403-9932-4AF9-8953-BB02F2C4D663}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{98C04D4E-6EFA-4B27-964C-97B953F3834F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E90ABA9B-BFCA-4476-9673-1EED03FEBBA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{479A758F-34EE-490E-A221-82B7A23CA629}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C7FE888D-076D-4A20-84AF-925C498F5EA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{75734CAC-C059-4420-AAD2-A28090C70C80}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{39119A8F-C236-4AFE-9241-27FACC37C380}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{72357AE1-B4F6-41EE-845A-62D898A90AEF}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
    FirewallRules: [{44D63FB1-C32C-4A37-8A64-E266B25D83CA}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
    FirewallRules: [{75A88A90-7D16-4119-8AD5-CF2AC825997E}] => (Block) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    FirewallRules: [{C58336A1-D789-4E96-A136-A094A5581952}] => (Block) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    FirewallRules: [TCP Query User{222C8A48-C05A-4637-A361-8829D1DF7D65}E:\games\doom\doomx64.exe] => (Block) E:\games\doom\doomx64.exe
    FirewallRules: [UDP Query User{16B16F31-258C-4DFF-8B60-3DD28FCAC42F}E:\games\doom\doomx64.exe] => (Block) E:\games\doom\doomx64.exe
    FirewallRules: [{9FDE8567-9873-4793-8BC6-56CA6429974C}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{B4B76B2F-F5CE-4B5C-9F78-3A37F5085BDE}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{6948BBC4-563C-4F28-A4F6-4CB04F59D2C7}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [{8B742906-1860-4944-AD5A-F4BFE20D1DFD}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [TCP Query User{672D35CC-5544-4DF5-90B6-23DF17EBC01D}E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [UDP Query User{55E7CB98-657F-4105-9B3A-70847933CF90}E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [TCP Query User{0F12FBD7-31C9-43E8-B0C8-855FCF98D676}E:\games\nba 2k17\nba2k17.exe] => (Block) E:\games\nba 2k17\nba2k17.exe
    FirewallRules: [UDP Query User{E10AA303-CA5A-4959-BFD9-012F94DAA90A}E:\games\nba 2k17\nba2k17.exe] => (Block) E:\games\nba 2k17\nba2k17.exe
    FirewallRules: [TCP Query User{C98DF05C-4E72-48AC-A122-C23180735AF6}E:\games\fifa 17\fifa17.exe] => (Block) E:\games\fifa 17\fifa17.exe
    FirewallRules: [UDP Query User{2B4433C6-80CA-464B-8778-A47EE489E136}E:\games\fifa 17\fifa17.exe] => (Block) E:\games\fifa 17\fifa17.exe
    FirewallRules: [{75A8F769-3CE2-4D0B-BFB8-C22B4C7B0951}] => (Block) E:\cemu182b-cracked\cemu182b-cracked\Cemu.exe
    FirewallRules: [{C46E8BD9-B6EA-43CB-9670-1FADDAF72103}] => (Block) E:\cemu182b-cracked\cemu182b-cracked\Cemu.exe
    FirewallRules: [{7A896E8A-4889-45EF-B550-5E0B87A8CA7B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{2EF22AD7-B0D1-4C0C-8C8B-1793207B5AFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{1F0ED159-F976-4986-A37E-C57B4C93651F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{9385CB65-BAF9-4C2A-BC91-1A28F2EA8DB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FD724226-36D4-4935-A7E9-A45F50C0B6F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{35EB9E96-9C04-49CE-B258-FDB2D570A719}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{1D268EC1-D42A-4476-A9AA-E609EDFF9BA8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{5BE9C566-00AE-4436-980F-6288B0655FA1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [{5395251D-1BF0-4C6C-8F68-148767A9B25F}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [TCP Query User{4656521D-D8EF-4BD0-AC61-383282981BE7}E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
    FirewallRules: [UDP Query User{64146B5E-C2D5-45EC-ACB4-2A6FA49E0B93}E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
    FirewallRules: [{17C69A72-E2EC-4123-BAD8-B8C408ED6215}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{C6128742-9D97-4C80-AF23-7BF3F7670ABC}] => (Allow) E:\iTunes.exe
     
    ==================== Restore Points =========================
     
    03-09-2017 00:13:05 Scheduled Checkpoint
    11-09-2017 22:49:08 Scheduled Checkpoint
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (09/21/2017 10:36:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NVDisplay.Container.exe, version: 1.2.0.0, time stamp: 0x598b8ec0
    Faulting module name: nvxdapix.dll, version: 8.17.13.8528, time stamp: 0x598b8786
    Exception code: 0xc0000005
    Fault offset: 0x00000000002f666b
    Faulting process id: 0xe28
    Faulting application start time: 0x01d33292f3228cd9
    Faulting application path: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    Faulting module path: C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll
    Report Id: 3a355050-420e-41d0-9a6e-a40db6cc4bd1
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (09/21/2017 10:23:35 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/20/2017 09:51:27 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/20/2017 04:44:05 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/19/2017 09:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: ec661807-13e9-46b2-b202-46eaa1189c5d
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
    Error: (09/19/2017 09:38:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: 674d05e7-ebea-4922-afd5-2f07b38e5588
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
    Error: (09/19/2017 09:38:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: 4168d880-9188-4298-8ab5-87a608bdf4aa
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
    Error: (09/19/2017 09:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: 398215fa-5363-47d6-9c0f-4f65db3718fb
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
    Error: (09/19/2017 09:37:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPC)
    Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (09/19/2017 09:37:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x2f14
    Faulting application start time: 0x01d331b1011094ad
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: 275b3f7f-ae80-4e14-b395-89eaeda1b2d5
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
     
    System errors:
    =============
    Error: (09/20/2017 05:23:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/19/2017 08:28:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/19/2017 12:16:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/18/2017 06:18:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/18/2017 05:58:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/18/2017 11:20:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/17/2017 03:24:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/17/2017 12:10:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/17/2017 12:35:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/16/2017 03:04:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-07-29 20:33:49.710
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-26 13:27:29.915
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-19 20:48:14.725
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-19 19:57:01.466
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-18 18:49:36.014
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-07 11:54:52.503
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-07 11:54:52.043
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-05 22:28:05.483
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
    Percentage of memory in use: 74%
    Total physical RAM: 8143.88 MB
    Available physical RAM: 2048.25 MB
    Total Virtual: 12239.88 MB
    Available Virtual: 3343.99 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:231.93 GB) (Free:134.82 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:165.79 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    Edited by SuprememMystique, 21 September 2017 - 10:32 AM.


    #4
    RKinner


      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    I don't see any signs of an infection.  Since the files that hitman found are in an nvidia folder and you are getting several nvidia errors you probably need to reinstall the latest version of NVIDIA GeForce Experience.

     

    We can clean up some deadwood if you like:

     
    Download the attached fixlist.txt to the same location as FRST.
     
    [attachment=86016:fixlist.txt]
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     


    #5
    SuprememMystique


      Member

    • Topic Starter
    • Member
    • PipPip
    • 19 posts
    Thanks a lot for your help. Usually, HM Pro is always paranoid about nvidia files. It also claims that some other files are suspicious from time to time. I restarted it after an nvidia update, and hitman pro does not show it anymore.
     
     
    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
    Ran by pahmadi (21-09-2017 13:28:29) Run:2
    Running from E:\
    Loaded Profiles: pahmadi (Available Profiles: pahmadi)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    C:\Users\pahmadi\AppData\Local\Temp\4eyicpzh.dll
    C:\Users\pahmadi\AppData\Local\Temp\9a0odmt7.dll
    C:\Users\pahmadi\AppData\Local\Temp\avgnt.exe
    C:\Users\pahmadi\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\pahmadi\AppData\Local\Temp\gad9ij7i.dll
    C:\Users\pahmadi\AppData\Local\Temp\gjtmhcc-.dll
    C:\Users\pahmadi\AppData\Local\Temp\jtboowys.dll
    C:\Users\pahmadi\AppData\Local\Temp\lh8oakql.dll
    C:\Users\pahmadi\AppData\Local\Temp\libeay32.dll
    C:\Users\pahmadi\AppData\Local\Temp\m6co-hcp.dll
    C:\Users\pahmadi\AppData\Local\Temp\msvcr120.dll
    C:\Users\pahmadi\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\pahmadi\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\pahmadi\AppData\Local\Temp\nvStInst.exe
    C:\Users\pahmadi\AppData\Local\Temp\qvcmqzrk.dll
    C:\Users\pahmadi\AppData\Local\Temp\sqlite3.dll
    ask: {03EEA146-A8F7-49FA-9FDC-399368674EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {13E8B8C4-C62B-4E52-A1AC-7CB36D3E7A00} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {4BB79EB5-74C8-4D3C-98D1-3E99B181E8D8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {700D2B53-DD55-4F8C-A9E7-895A62C8ADFD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {89E097FA-DA17-4C9A-957B-93DD2C09FC1E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {95A3C0B9-6682-4846-A2E3-CCA42F2DC98C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {99D12236-AA79-432C-BFF3-9FBB52A21D9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B43CE578-C76D-4C15-8EFF-C332E27064A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {BDDF6595-A1A3-42F2-9D03-474FA9CBC650} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {D0EDADF9-4A01-4254-9D41-D40B97401A8B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D7B59B03-2FA9-4CBB-B0F4-47AC7A303123} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D97F2DB2-BA09-4225-8AAE-8201753A71EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
    Task: {E883FB0E-8377-4836-A330-D7F83E9B8DD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {E8E3B91E-C159-4695-9523-B6E0FF7B272C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-30] (AVAST Software)
    Task: {F72F5F3D-7C5A-4160-A80A-57C25D1765CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
     
     
     
     
     
     
     
     
     
     
     
    *****************
     
    "C:\Users\pahmadi\AppData\Local\Temp\4eyicpzh.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\9a0odmt7.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\avgnt.exe" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\dllnt_dump.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\gad9ij7i.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\gjtmhcc-.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\jtboowys.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\lh8oakql.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\libeay32.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\m6co-hcp.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\msvcr120.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\nvSCPAPI.dll" => not found.
    C:\Users\pahmadi\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
    C:\Users\pahmadi\AppData\Local\Temp\nvStInst.exe => moved successfully
    "C:\Users\pahmadi\AppData\Local\Temp\qvcmqzrk.dll" => not found.
    "C:\Users\pahmadi\AppData\Local\Temp\sqlite3.dll" => not found.
    ask: {03EEA146-A8F7-49FA-9FDC-399368674EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13E8B8C4-C62B-4E52-A1AC-7CB36D3E7A00} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB79EB5-74C8-4D3C-98D1-3E99B181E8D8} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{700D2B53-DD55-4F8C-A9E7-895A62C8ADFD} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89E097FA-DA17-4C9A-957B-93DD2C09FC1E} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95A3C0B9-6682-4846-A2E3-CCA42F2DC98C} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99D12236-AA79-432C-BFF3-9FBB52A21D9D} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B43CE578-C76D-4C15-8EFF-C332E27064A9} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDDF6595-A1A3-42F2-9D03-474FA9CBC650} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0EDADF9-4A01-4254-9D41-D40B97401A8B} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7B59B03-2FA9-4CBB-B0F4-47AC7A303123} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D97F2DB2-BA09-4225-8AAE-8201753A71EF} => key not found. 
    C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E883FB0E-8377-4836-A330-D7F83E9B8DD2} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E3B91E-C159-4695-9523-B6E0FF7B272C} => key not found. 
    C:\WINDOWS\System32\Tasks\avast! Emergency Update => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F72F5F3D-7C5A-4160-A80A-57C25D1765CF} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => not found.
    C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => not found.
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => not found.
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => not found.
     
    ==== End of Fixlog 13:28:30 ====
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
    Ran by pahmadi (administrator) on PAPC (21-09-2017 13:29:16)
    Running from E:\
    Loaded Profiles: pahmadi (Available Profiles: pahmadi)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) E:\iTunesHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-10] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-06] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => E:\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation)
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [53208 2016-08-31] (AVAST Software)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-02-02]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-13]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\pahmadi\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-08-11]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{69a5be69-089f-41a1-a58b-ce1fe64b399c}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3840187337-3860288294-2545479360-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
     
    FireFox:
    ========
    FF DefaultProfile: avgppbx6.default
    FF ProfilePath: C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default [2017-09-21]
    FF Extension: (Avira Browser Safety) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-07-25]
    FF Extension: (Avast SafePrice) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-06-01]
    FF Extension: (uBlock Origin) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-07-25]
    FF Extension: (Avast Online Security) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-09-06]
    FF Extension: (Adblock Plus) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-18] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
    CHR Extension: (Google Slides) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-10]
    CHR Extension: (Google Docs) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-10]
    CHR Extension: (Google Drive) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-10]
    CHR Extension: (YouTube) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10]
    CHR Extension: (uBlock Origin) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-06]
    CHR Extension: (Adblock for Youtube™) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
    CHR Extension: (Google Search) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-10]
    CHR Extension: (Google Sheets) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-10]
    CHR Extension: (Google Docs Offline) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (AdBlock) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21]
    CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
    CHR Extension: (Gmail) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-10]
    CHR Extension: (Chrome Media Router) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-06] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-06] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-15] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation)
    S3 Origin Client Service; E:\Origin\OriginClientService.exe [2098528 2017-09-12] (Electronic Arts)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-06] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-06] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-06] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-06] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-06] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-06] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-06] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-06] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-06] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-06] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-06] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-06] (AVAST Software)
    S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [595456 2014-09-19] (C-MEDIA)
    R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
    R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
    R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
    R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
    R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-21] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvlddmkm.sys [15619320 2017-09-18] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-09-16] (NVIDIA Corporation)
    R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
    R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-09-21 12:59 - 2017-09-21 12:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-09-21 12:59 - 2017-07-20 13:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-09-21 12:59 - 2017-07-20 13:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-09-21 12:59 - 2017-07-20 13:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-09-21 12:59 - 2017-07-20 13:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-09-21 12:58 - 2017-09-21 12:58 - 000000000 ____D C:\WINDOWS\LastGood
    2017-09-21 12:56 - 2017-09-16 15:27 - 040240064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 035925440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 029020096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 023132720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 018849784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 012241792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 011692856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 010087504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 004145088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 003575744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438569.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438569.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001291912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001290024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001067968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001007280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001005176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000781728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000690504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
    2017-09-21 12:56 - 2017-09-16 15:27 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
    2017-09-21 11:14 - 2017-09-21 11:14 - 000001390 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\Program Files\iTunes
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\Program Files\iPod
    2017-09-21 11:12 - 2017-09-21 11:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-09-21 11:12 - 2017-09-21 11:12 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-09-20 21:51 - 2017-09-20 21:55 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\vlc
    2017-09-19 21:35 - 2017-09-20 00:12 - 000000000 ____D C:\Users\pahmadi\.atom
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Atom
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Local\SquirrelTemp
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Local\atom
    2017-09-19 21:34 - 2017-09-19 21:34 - 000002255 _____ C:\Users\pahmadi\Desktop\Atom.lnk
    2017-09-19 21:34 - 2017-09-19 21:34 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2017-09-15 09:13 - 2017-09-15 09:13 - 000000684 _____ C:\Users\pahmadi\Desktop\NBA 2K18.lnk
    2017-09-15 09:13 - 2017-09-15 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K18
    2017-09-15 01:26 - 2017-09-15 01:26 - 000000218 _____ C:\Users\pahmadi\AppData\Local\recently-used.xbel
    2017-09-12 23:19 - 2017-09-12 23:19 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-09-12 15:27 - 2017-09-12 15:28 - 000000000 ____D C:\Users\pahmadi\Documents\FIFA 18 Demo
    2017-09-12 15:26 - 2017-09-12 15:26 - 000000949 _____ C:\Users\Public\Desktop\FIFA 18 DEMO.lnk
    2017-09-12 15:26 - 2017-09-12 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 18 DEMO
    2017-09-12 14:26 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-09-12 14:26 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-09-12 14:26 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-09-12 14:26 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2017-09-12 14:26 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-09-12 14:26 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-09-12 14:26 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-09-12 14:26 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-09-12 14:26 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-09-12 14:26 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2017-09-12 14:26 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-09-12 14:26 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2017-09-12 14:26 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-09-12 14:26 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-09-12 14:26 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-09-12 14:26 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2017-09-12 14:26 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-09-12 14:26 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-09-12 14:26 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
    2017-09-12 14:26 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-09-12 14:26 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-09-12 14:26 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2017-09-12 14:26 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2017-09-12 14:26 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-09-12 14:26 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
    2017-09-12 14:26 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2017-09-12 14:26 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2017-09-12 14:26 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-09-12 14:26 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-09-12 14:26 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2017-09-12 14:26 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2017-09-12 14:26 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2017-09-12 14:26 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-09-12 14:26 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-09-12 14:26 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-09-12 14:26 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-09-12 14:26 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
    2017-09-12 14:26 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-09-12 14:26 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2017-09-12 14:26 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-09-12 14:26 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-09-12 14:26 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
    2017-09-12 14:26 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2017-09-12 14:26 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-09-12 14:26 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2017-09-12 14:26 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-09-12 14:26 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-09-12 14:26 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2017-09-12 14:26 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-09-12 14:26 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2017-09-12 14:25 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-09-12 14:25 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-09-12 14:25 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-09-12 14:25 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2017-09-12 14:25 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-09-12 14:25 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2017-09-12 14:25 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2017-09-12 14:25 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-09-12 14:25 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-09-12 14:25 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-09-12 14:25 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2017-09-12 14:25 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2017-09-12 14:25 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-09-12 14:25 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-09-12 14:25 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-09-12 14:25 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-09-12 14:25 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-09-12 14:25 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-09-12 14:25 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2017-09-12 14:25 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-09-12 14:25 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-09-12 14:25 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-09-12 14:25 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2017-09-12 14:25 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2017-09-12 14:25 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-09-12 14:25 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2017-09-12 14:25 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-09-12 14:25 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2017-09-12 14:25 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2017-09-12 14:25 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-09-12 14:25 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-09-12 14:25 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-09-12 14:25 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-09-12 14:25 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2017-09-12 14:25 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-09-12 14:25 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-09-12 14:25 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2017-09-12 14:25 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2017-09-12 14:25 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-09-12 14:25 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-09-12 14:25 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
    2017-09-06 18:31 - 2017-09-06 18:31 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-09-21 13:29 - 2016-04-20 11:27 - 000000000 ____D C:\FRST
    2017-09-21 13:03 - 2017-07-05 22:29 - 001182410 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-09-21 13:00 - 2017-07-05 22:20 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-09-21 13:00 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
    2017-09-21 12:57 - 2015-12-10 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-09-21 12:56 - 2017-07-05 22:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-09-21 12:45 - 2017-07-05 22:24 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:45 - 2017-07-05 22:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:45 - 2017-07-05 22:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-09-21 12:45 - 2016-10-08 14:35 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2017-09-21 12:44 - 2017-07-05 22:24 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-09-21 11:12 - 2016-07-10 21:39 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-09-21 11:07 - 2016-11-26 14:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-09-21 10:50 - 2016-01-01 14:02 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-09-21 00:34 - 2017-07-05 22:24 - 000003132 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
    2017-09-20 23:11 - 2017-07-05 22:24 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDA24C7D-A729-4B38-AE7D-A3D379BB6853}
    2017-09-20 16:44 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-09-19 21:38 - 2015-12-29 15:25 - 000000000 ____D C:\Users\pahmadi\AppData\Local\CrashDumps
    2017-09-19 21:35 - 2017-07-05 22:20 - 000000000 ____D C:\Users\pahmadi
    2017-09-19 14:20 - 2017-07-05 22:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-09-19 11:06 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-09-19 03:23 - 2017-05-31 12:14 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\SET5254.tmp
    2017-09-19 03:23 - 2017-05-31 11:54 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2017-09-19 03:23 - 2017-05-31 11:54 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2017-09-18 17:29 - 2016-12-26 02:30 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
    2017-09-16 15:27 - 2017-05-31 12:14 - 004210544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2017-09-16 15:27 - 2017-05-31 12:14 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2017-09-16 15:27 - 2017-05-31 12:14 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
    2017-09-16 15:27 - 2017-05-31 12:14 - 000046443 _____ C:\WINDOWS\system32\nvinfo.pb
    2017-09-16 13:54 - 2017-07-05 22:20 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
    2017-09-16 13:34 - 2017-07-05 22:20 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 002478528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000548472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2017-09-15 18:17 - 2016-04-22 18:06 - 000000000 ____D C:\Users\pahmadi\Downloads\fraps
    2017-09-15 11:03 - 2017-07-05 22:20 - 008248071 _____ C:\WINDOWS\system32\nvcoproc.bin
    2017-09-15 09:27 - 2016-01-12 00:26 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\2K Sports
    2017-09-14 18:39 - 2015-12-13 19:16 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\deluge
    2017-09-14 01:09 - 2015-12-22 15:58 - 000000000 ____D C:\ProgramData\Origin
    2017-09-13 22:07 - 2015-12-22 15:59 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Origin
    2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-09-12 23:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-09-12 22:05 - 2016-04-02 23:15 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-09-12 21:11 - 2017-07-05 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-12 21:11 - 2017-07-05 22:19 - 000381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-12 21:11 - 2017-03-18 07:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-09-12 15:26 - 2016-09-13 14:08 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
    2017-09-12 15:25 - 2015-12-10 22:03 - 000000000 ____D C:\ProgramData\Package Cache
    2017-09-12 14:29 - 2015-12-13 18:58 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-09-12 14:28 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-09-12 14:28 - 2015-12-13 18:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-09-08 22:31 - 2017-07-27 15:30 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3840187337-3860288294-2545479360-1001
    2017-09-08 22:31 - 2016-04-02 23:17 - 000002373 _____ C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-08 22:31 - 2016-01-30 00:31 - 000000000 ___RD C:\Users\pahmadi\OneDrive
    2017-09-07 10:19 - 2017-08-11 19:20 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 4 Browser.lnk
    2017-09-07 10:19 - 2017-07-05 22:24 - 000004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458685729
    2017-09-06 18:31 - 2017-07-19 19:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
    2017-09-06 18:31 - 2017-07-05 22:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-09-06 18:31 - 2016-03-22 18:28 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-09-02 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-09-02 11:15 - 2017-03-18 17:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-31 17:59 - 2017-05-19 10:02 - 000000000 ____D C:\Users\pahmadi\AppData\LocalLow\Mozilla
    2017-08-30 02:39 - 2015-12-27 22:54 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Audacity
    2017-08-28 18:16 - 2015-12-10 22:49 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-28 18:16 - 2015-12-10 22:49 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
     
    ==================== Files in the root of some directories =======
     
    2015-12-10 23:50 - 2015-12-23 20:29 - 001065984 _____ () C:\Users\pahmadi\AppData\Local\file__0.localstorage
    2017-09-15 01:26 - 2017-09-15 01:26 - 000000218 _____ () C:\Users\pahmadi\AppData\Local\recently-used.xbel
    2016-08-08 21:32 - 2016-08-08 21:32 - 000007605 _____ () C:\Users\pahmadi\AppData\Local\Resmon.ResmonCfg
    2017-07-05 22:20 - 2017-07-05 22:20 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-12-26 02:30 - 2017-03-09 15:30 - 000005943 _____ () C:\ProgramData\NvTelemetryContainer.log
    2016-12-26 02:30 - 2017-03-09 02:16 - 000008442 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-09-12 23:18
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
    Ran by pahmadi (21-09-2017 13:29:41)
    Running from E:\
    Windows 10 Home Version 1703 (X64) (2017-07-06 02:27:10)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3840187337-3860288294-2545479360-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3840187337-3860288294-2545479360-503 - Limited - Disabled)
    Guest (S-1-5-21-3840187337-3860288294-2545479360-501 - Limited - Disabled)
    pahmadi (S-1-5-21-3840187337-3860288294-2545479360-1001 - Administrator - Enabled) => C:\Users\pahmadi
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Atom (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\atom) (Version: 1.20.1 - GitHub Inc.)
    Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
    Batman: Arkham Origins - The Complete Edition (HKLM-x32\...\Batman: Arkham Origins - The Complete Edition_is1) (Version:  - )
    Bayonetta (HKLM-x32\...\Bayonetta_is1) (Version:  - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
    Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
    Deus Ex: Mankind Divided (HKLM-x32\...\Deus Ex: Mankind Divided_is1) (Version:  - )
    Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
    Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
    FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts)
    FIFA 17 (HKLM\...\FIFA 17_is1) (Version: 1.0.0.0 - )
    FIFA 17 DEMO (HKLM-x32\...\{39C00B2C-EA3C-4A6B-AECF-DADA0F09C2AE}) (Version: 1.0.45.26330 - Electronic Arts)
    FIFA 18 DEMO (HKLM-x32\...\{5D17162D-8095-4B35-B41F-6F55D154E9F9}) (Version: 1.0.49.32463 - Electronic Arts)
    Fraps (HKLM-x32\...\Fraps) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Hellblade: Senua's Sacrifice (HKLM-x32\...\Hellblade: Senua's Sacrifice_is1) (Version:  - )
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
    Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
    Intel® Driver Update Utility 2.2.0.5 (HKLM-x32\...\{C4FB3CF4-C845-4746-A9F5-476908266433}) (Version: 2.2.0.1 - Intel) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
    Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
    iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
    Life is Strange: Complete Season 1 (HKLM-x32\...\Life is Strange: Complete Season 1_is1) (Version:  - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC (HKLM-x32\...\Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC_is1) (Version: Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC - Repack by Fenixx (09.03.2013))
    MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
    MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
    NBA 2K18 (HKLM-x32\...\NBA 2K18_is1) (Version:  - )
    NieR: Automata - LOSSLESS Videos (HKLM-x32\...\NieR: Automata - LOSSLESS Videos_is1) (Version:  - )
    NieR: Automata (HKLM-x32\...\NieR: Automata_is1) (Version:  - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
    NVIDIA Graphics Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 359.06 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
    Online Plug-in (HKLM-x32\...\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.40.723.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
    RivaTuner Statistics Server 7.0.0 Beta 19 (HKLM-x32\...\RTSS) (Version: 7.0.0 Beta 19 - Unwinder)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    SafeZone Stable 1.46.1990.139 (HKLM-x32\...\SafeZone 1.46.1990.139) (Version: 1.46.1990.139 - Avast Software) Hidden
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Self-service Plug-in (HKLM-x32\...\{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}) (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tales from the Borderlands: Episodes 1-5 (HKLM-x32\...\Tales from the Borderland: Episodes 1-5_is1) (Version:  - )
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com)
    The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
    The Wolf Among Us (HKLM-x32\...\1432213513_is1) (Version: 2.0.0.1 - GOG.com)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.6 - Tweaking.com)
    Undertale (HKLM-x32\...\1456487183_is1) (Version: 2.0.0.2 - GOG.com)
    Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Notepad++\NppShell_06.dll [2015-04-15] ()
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt32.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt32.dll [2016-08-15] (Alexander Roshal)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {03EEA146-A8F7-49FA-9FDC-399368674EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {081CB5BA-6F6E-4F91-B4EC-709614ABF80E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
    Task: {1161DB32-B106-4150-A05C-F03DD342040C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
    Task: {11CD550D-A54B-4E26-BC57-3D707352E83F} - \WPD\SqmUpload_S-1-5-21-3840187337-3860288294-2545479360-1001 -> No File <==== ATTENTION
    Task: {1A3AA77B-A047-4E7B-A823-CE7EA658195D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
    Task: {20301EF5-5634-4ABE-B168-990F137FFD01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {215E06F6-8B61-4ADD-93C6-83AD929FECED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
    Task: {293ECE89-1EE4-481A-AE73-CE2D69592DAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Users\pahmadi\Desktop\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {2A4908B1-4233-44AE-8AB5-A316C398D5E1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
    Task: {337C5763-57CB-48CB-A6A4-E87B74F3A326} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3E61960E-A359-4152-819F-7696FB4D2D0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {3F39E832-9B28-46B1-A9DF-88EF5D9A86B7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-05] (Microsoft Corporation)
    Task: {52AA92AD-C352-4470-B7CD-E30E3EC6A8CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
    Task: {65F26281-1EE2-45EC-A22A-7CDA1ACFA820} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-06] (AVAST Software)
    Task: {6FE5844E-AFF1-494E-B989-662630E40EBB} - System32\Tasks\{394C945B-1D25-4C06-9BC8-E602C092BE8D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServiceUninstaller.exe" -c -u "webfas-79f28e00@@WEBFAS.SPSS 23"
    Task: {75A83C87-6ECB-41E6-976D-F76E6C9AAD3C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
    Task: {7C0F459B-8BEE-416E-9F12-8AF67B56CFEB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
    Task: {91DE6FB3-189B-4541-9692-D0E0898E5669} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
    Task: {A11D7057-70C3-420E-9E41-9FDB181A1954} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {BA705F22-48E7-4913-9B25-D9EC64128D57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
    Task: {C63BFA16-5E26-45CA-A187-878A72BC8224} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
    Task: {C728BBE0-E23E-483C-BA1F-3339283CEF09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
    Task: {D1B26571-4B28-4800-97D8-F55B8F0EB175} - System32\Tasks\SafeZone scheduled Autoupdate 1452366284 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {EA5B4BD5-608B-4264-9D81-F201A36C0486} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)
    Task: {F0CD125B-D426-4881-8DFC-AFBEECC9FC01} - System32\Tasks\SafeZone scheduled Autoupdate 1458685729 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {FC801E8A-7D10-474F-9D51-7CFA752C3848} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
    Task: {FC8C97C9-9F89-447D-A525-7080FD030F75} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
    Task: {FFA4B6B6-FBD2-46CF-A37D-95B6F8476D37} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2015-12-09 03:59 - 2015-12-09 03:59 - 000580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    2016-05-17 20:31 - 2017-01-29 09:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2014-05-01 10:13 - 2016-12-23 22:20 - 000592384 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll
    2015-04-15 16:13 - 2015-04-15 16:13 - 000222720 _____ () E:\Notepad++\NppShell_06.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-08-26 12:02 - 2017-08-26 12:02 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
    2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () E:\zlib1.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () E:\libxml2.dll
    2017-09-14 09:56 - 2017-09-14 09:57 - 001226440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
    2016-10-08 14:35 - 2017-09-19 03:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-08-28 18:15 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
    2017-08-28 18:15 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
    2014-11-10 13:12 - 2014-11-10 13:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2016-05-17 20:31 - 2017-01-29 05:46 - 008929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
    2014-05-01 10:15 - 2016-12-23 22:20 - 000564736 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX32.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
    2015-12-07 12:44 - 2015-12-07 12:44 - 000225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
    2015-12-07 12:44 - 2015-12-07 12:44 - 000657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-07-03 15:54 - 2017-07-03 15:54 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-10-08 14:35 - 2017-09-19 03:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-10-08 14:35 - 2017-09-19 03:23 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Control Panel\Desktop\\Wallpaper -> e:\thumb-350-320986.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\Services: AvastVBoxSvc => 3
    MSCONFIG\Services: lfsvc => 3
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{72059826-2DD2-4806-968A-AF6A5707D6C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{5240993E-7C06-4819-AE2D-792150AC5436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{D2159E97-4F9A-4EB7-8489-EBB523E91B21}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{8FAC55E1-7DD8-45DC-8173-3421D9474730}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [UDP Query User{E57C0B53-27B0-4A05-B161-FEBE51127EB5}E:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) E:\games\prey\binaries\danielle\x64\release\prey.exe
    FirewallRules: [TCP Query User{9532DEA5-4D41-4D82-9554-38BA3161DE74}E:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) E:\games\prey\binaries\danielle\x64\release\prey.exe
    FirewallRules: [UDP Query User{8BE371AF-9C90-4E41-A572-20B6D5AC2588}E:\games\a wii usb folder\wiiu_usb_helper.exe] => (Block) E:\games\a wii usb folder\wiiu_usb_helper.exe
    FirewallRules: [TCP Query User{F8AB09C5-8F76-4F14-9EA5-50879FB1A040}E:\games\a wii usb folder\wiiu_usb_helper.exe] => (Block) E:\games\a wii usb folder\wiiu_usb_helper.exe
    FirewallRules: [UDP Query User{204E2CDB-3750-4EA3-924F-7E4EB58D22DB}E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe] => (Block) E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe
    FirewallRules: [TCP Query User{EFD941EB-2B7E-46A8-95A5-36745D44E206}E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe] => (Block) E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe
    FirewallRules: [{A2770855-C28A-436F-B7B5-FB4694B8B0FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{2AD3F555-8299-48AD-A3CC-BD8087E085BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{F9AA4DBC-EC00-44F7-9A4E-36D3FB1F25CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{E63CE914-42FC-44D6-947A-69DC000684A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{6359BCAF-F074-4DCE-8BB7-03AD47A369B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{647CF0F7-FB28-4988-A356-1088FC5A82EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{854D8606-698D-465D-BAE6-865F512EBB7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [UDP Query User{DE046CCC-CFE7-4202-92A5-FBC312F3F7E1}E:\games\call of duty - infinite warfare\iw7_ship.exe] => (Block) E:\games\call of duty - infinite warfare\iw7_ship.exe
    FirewallRules: [TCP Query User{024F33C9-AE3D-47FD-99AD-08B9BAD565C5}E:\games\call of duty - infinite warfare\iw7_ship.exe] => (Block) E:\games\call of duty - infinite warfare\iw7_ship.exe
    FirewallRules: [{C77B9B18-0470-474B-A935-63EB2A24BC45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{645D940D-CCFC-4B3C-9BB5-CDC1CE5BE746}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{383F5EEF-1397-4FBA-B82B-117143F7B133}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{12532985-8E2E-4E08-BD0B-5F51C6D1B918}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe
    FirewallRules: [{524F7B37-3DAB-4C8B-9210-6BFB66ACB0D9}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe
    FirewallRules: [{16677B84-4748-4237-B403-E469364BE627}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
    FirewallRules: [{C75099FD-5390-4559-8402-46DB636B455F}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
    FirewallRules: [{3C2C5BEA-A485-452B-B949-F14A3F9A26A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F2C0810A-DCF7-4535-A50D-A1D1456D81E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{D2D16456-5462-43A5-9952-B86A731BEF1A}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
    FirewallRules: [TCP Query User{41A32F6C-725C-44AA-A33F-55A0DCF2FDC5}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
    FirewallRules: [UDP Query User{978D1139-1FC1-4243-923F-BEA0D15F4858}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [TCP Query User{AFBEE18E-242D-4129-9359-89A9D426F29A}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [UDP Query User{D0B18DAB-1886-4A2F-95CF-976AC12D838D}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [TCP Query User{C387CD3A-976C-4FE2-A43A-100D61105E8A}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [UDP Query User{C6319E23-8E89-4DBD-A16D-9D18815EDFFE}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
    FirewallRules: [TCP Query User{46589999-D8D3-413C-9367-315AFCF8FB1B}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{7B70A298-F8C9-4FFA-ABA6-8BC9BEA6F9E1}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
    FirewallRules: [TCP Query User{25E0CD3E-D64B-4D03-ABDF-159D0DAB5F17}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
    FirewallRules: [{4B86F244-3CF5-4EE8-89D3-399EF653E8C1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{BE3A0F63-2D5A-419C-979C-9F7FF66162F1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [UDP Query User{F3A8869C-2FD0-4FAB-9378-D7EAA12867AB}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
    FirewallRules: [TCP Query User{3B9C4912-B9FF-41FA-A101-14A7746128CE}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
    FirewallRules: [UDP Query User{1099DD03-C3B6-46FE-B456-34236D2D1C41}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
    FirewallRules: [TCP Query User{417CC0D1-BF2E-49E3-A7CD-9332F0E162BD}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
    FirewallRules: [{C0035F1A-4351-448B-B6C7-B18D2FAA8CB7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{179DA074-1FAF-4DBF-84D5-C2DC74D1690F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{88C51A6B-E858-474E-8B91-1F1D4544146E}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8C0AC25C-317B-4A99-A39A-601F4D50DF8A}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{53340FB0-430E-48D2-975A-8629E682008F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FA146FD5-EAE5-4D45-9A89-564DC41F81B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A6882C60-CA13-4CD0-A35D-4ED83A85E011}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{878AB48C-196F-4928-B019-9A1EE47529F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{A2A341C9-BEE9-4EC8-B47D-B603684241F5}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
    FirewallRules: [{4431F62C-829D-498E-9500-10F6F961B08C}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
    FirewallRules: [TCP Query User{E3D8EBF8-AC60-4308-9A6E-46D7D36C2365}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [UDP Query User{332770D5-E53D-4743-8A26-2805899A5A95}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [{CEE51D2C-6F58-4B44-80DF-7470B507D4F7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E7715403-9932-4AF9-8953-BB02F2C4D663}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{98C04D4E-6EFA-4B27-964C-97B953F3834F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E90ABA9B-BFCA-4476-9673-1EED03FEBBA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{479A758F-34EE-490E-A221-82B7A23CA629}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C7FE888D-076D-4A20-84AF-925C498F5EA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{75734CAC-C059-4420-AAD2-A28090C70C80}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{39119A8F-C236-4AFE-9241-27FACC37C380}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{72357AE1-B4F6-41EE-845A-62D898A90AEF}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
    FirewallRules: [{44D63FB1-C32C-4A37-8A64-E266B25D83CA}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
    FirewallRules: [{75A88A90-7D16-4119-8AD5-CF2AC825997E}] => (Block) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    FirewallRules: [{C58336A1-D789-4E96-A136-A094A5581952}] => (Block) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    FirewallRules: [TCP Query User{222C8A48-C05A-4637-A361-8829D1DF7D65}E:\games\doom\doomx64.exe] => (Block) E:\games\doom\doomx64.exe
    FirewallRules: [UDP Query User{16B16F31-258C-4DFF-8B60-3DD28FCAC42F}E:\games\doom\doomx64.exe] => (Block) E:\games\doom\doomx64.exe
    FirewallRules: [{9FDE8567-9873-4793-8BC6-56CA6429974C}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{B4B76B2F-F5CE-4B5C-9F78-3A37F5085BDE}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{6948BBC4-563C-4F28-A4F6-4CB04F59D2C7}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [{8B742906-1860-4944-AD5A-F4BFE20D1DFD}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [TCP Query User{672D35CC-5544-4DF5-90B6-23DF17EBC01D}E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [UDP Query User{55E7CB98-657F-4105-9B3A-70847933CF90}E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [TCP Query User{0F12FBD7-31C9-43E8-B0C8-855FCF98D676}E:\games\nba 2k17\nba2k17.exe] => (Block) E:\games\nba 2k17\nba2k17.exe
    FirewallRules: [UDP Query User{E10AA303-CA5A-4959-BFD9-012F94DAA90A}E:\games\nba 2k17\nba2k17.exe] => (Block) E:\games\nba 2k17\nba2k17.exe
    FirewallRules: [TCP Query User{C98DF05C-4E72-48AC-A122-C23180735AF6}E:\games\fifa 17\fifa17.exe] => (Block) E:\games\fifa 17\fifa17.exe
    FirewallRules: [UDP Query User{2B4433C6-80CA-464B-8778-A47EE489E136}E:\games\fifa 17\fifa17.exe] => (Block) E:\games\fifa 17\fifa17.exe
    FirewallRules: [{75A8F769-3CE2-4D0B-BFB8-C22B4C7B0951}] => (Block) E:\cemu182b-cracked\cemu182b-cracked\Cemu.exe
    FirewallRules: [{C46E8BD9-B6EA-43CB-9670-1FADDAF72103}] => (Block) E:\cemu182b-cracked\cemu182b-cracked\Cemu.exe
    FirewallRules: [{7A896E8A-4889-45EF-B550-5E0B87A8CA7B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{2EF22AD7-B0D1-4C0C-8C8B-1793207B5AFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{1F0ED159-F976-4986-A37E-C57B4C93651F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{9385CB65-BAF9-4C2A-BC91-1A28F2EA8DB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FD724226-36D4-4935-A7E9-A45F50C0B6F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{35EB9E96-9C04-49CE-B258-FDB2D570A719}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{1D268EC1-D42A-4476-A9AA-E609EDFF9BA8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{5BE9C566-00AE-4436-980F-6288B0655FA1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [{5395251D-1BF0-4C6C-8F68-148767A9B25F}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [TCP Query User{4656521D-D8EF-4BD0-AC61-383282981BE7}E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
    FirewallRules: [UDP Query User{64146B5E-C2D5-45EC-ACB4-2A6FA49E0B93}E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
    FirewallRules: [{C6128742-9D97-4C80-AF23-7BF3F7670ABC}] => (Allow) E:\iTunes.exe
    FirewallRules: [{74E4E670-848F-4845-889E-68C8D984584A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
     
    ==================== Restore Points =========================
     
    11-09-2017 22:49:08 Scheduled Checkpoint
    21-09-2017 13:08:51 Scheduled Checkpoint
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (09/21/2017 01:00:57 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/21/2017 12:46:11 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/21/2017 10:36:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NVDisplay.Container.exe, version: 1.2.0.0, time stamp: 0x598b8ec0
    Faulting module name: nvxdapix.dll, version: 8.17.13.8528, time stamp: 0x598b8786
    Exception code: 0xc0000005
    Fault offset: 0x00000000002f666b
    Faulting process id: 0xe28
    Faulting application start time: 0x01d33292f3228cd9
    Faulting application path: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    Faulting module path: C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll
    Report Id: 3a355050-420e-41d0-9a6e-a40db6cc4bd1
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (09/21/2017 10:23:35 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/20/2017 09:51:27 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/20/2017 04:44:05 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (09/19/2017 09:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: ec661807-13e9-46b2-b202-46eaa1189c5d
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
    Error: (09/19/2017 09:38:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: 674d05e7-ebea-4922-afd5-2f07b38e5588
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
    Error: (09/19/2017 09:38:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: 4168d880-9188-4298-8ab5-87a608bdf4aa
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
    Error: (09/19/2017 09:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000604
    Fault offset: 0x0000000000000000
    Faulting process id: 0x978
    Faulting application start time: 0x01d331b119a508c2
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Faulting module path: unknown
    Report Id: 398215fa-5363-47d6-9c0f-4f65db3718fb
    Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
     
     
    System errors:
    =============
    Error: (09/21/2017 12:24:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/20/2017 05:23:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/19/2017 08:28:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/19/2017 12:16:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/18/2017 06:18:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/18/2017 05:58:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/18/2017 11:20:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/17/2017 03:24:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (09/17/2017 12:10:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
     
    Error: (09/17/2017 12:35:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-07-29 20:33:49.710
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-26 13:27:29.915
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-19 20:48:14.725
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-19 19:57:01.466
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-18 18:49:36.014
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-07 11:54:52.503
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-07 11:54:52.043
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
      Date: 2017-07-05 22:28:05.483
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
    Percentage of memory in use: 66%
    Total physical RAM: 8143.88 MB
    Available physical RAM: 2765.66 MB
    Total Virtual: 12239.88 MB
    Available Virtual: 3721.11 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:231.93 GB) (Free:134.75 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:165.79 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    Edited by SuprememMystique, 21 September 2017 - 11:39 AM.


    #6
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Not sure where you got that fixlist from but it's not the one I attached to my post. Try again and make sure you save the fixlist to E:\ where FRST is.



    #7
    SuprememMystique

      Member

    • Topic Starter
    • Member
    • 19 posts
    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
    Ran by pahmadi (21-09-2017 20:50:55) Run:3
    Running from E:\
    Loaded Profiles: pahmadi (Available Profiles: pahmadi)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    FF Extension: (Adblock Plus) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
    FF Extension: (Avira Browser Safety) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-07-25] 
    CHR Extension: (AdBlock) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21]
    Task: {03EEA146-A8F7-49FA-9FDC-399368674EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {11CD550D-A54B-4E26-BC57-3D707352E83F} - \WPD\SqmUpload_S-1-5-21-3840187337-3860288294-2545479360-1001 -> No File <==== ATTENTION
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
    *****************
     
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => moved successfully
    C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] => moved successfully
    CHR Extension: (AdBlock) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21] => Error: No automatic fix found for this entry.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03EEA146-A8F7-49FA-9FDC-399368674EBE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03EEA146-A8F7-49FA-9FDC-399368674EBE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11CD550D-A54B-4E26-BC57-3D707352E83F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11CD550D-A54B-4E26-BC57-3D707352E83F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3840187337-3860288294-2545479360-1001 => key removed successfully
     
    ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
     
    Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
    Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
    Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
     
    ========= End of CMD: =========
     
     
    ==== End of Fixlog 20:51:34 ====
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
    Ran by pahmadi (administrator) on PAPC (21-09-2017 21:18:04)
    Running from E:\
    Loaded Profiles: pahmadi (Available Profiles: pahmadi)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Tweaking.com) C:\Users\pahmadi\Desktop\WR_Tray_Icon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-10] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-06] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => E:\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation)
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [53208 2016-08-31] (AVAST Software)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-02-02]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-13]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\pahmadi\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
    Startup: C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-08-11]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{69a5be69-089f-41a1-a58b-ce1fe64b399c}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3840187337-3860288294-2545479360-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
     
    FireFox:
    ========
    FF DefaultProfile: avgppbx6.default
    FF ProfilePath: C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default [2017-09-21]
    FF Extension: (Avast SafePrice) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-06-01]
    FF Extension: (uBlock Origin) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-07-25]
    FF Extension: (Avast Online Security) - C:\Users\pahmadi\AppData\Roaming\Mozilla\Firefox\Profiles\avgppbx6.default\Extensions\[email protected] [2017-09-06]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-18] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
    CHR Extension: (Google Slides) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-10]
    CHR Extension: (Google Docs) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-10]
    CHR Extension: (Google Drive) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-10]
    CHR Extension: (YouTube) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10]
    CHR Extension: (uBlock Origin) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-06]
    CHR Extension: (Adblock for Youtube™) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
    CHR Extension: (Google Search) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-10]
    CHR Extension: (Google Sheets) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-10]
    CHR Extension: (Google Docs Offline) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (AdBlock) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21]
    CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
    CHR Extension: (Gmail) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-10]
    CHR Extension: (Chrome Media Router) - C:\Users\pahmadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-06] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-06] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-15] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation)
    S3 Origin Client Service; E:\Origin\OriginClientService.exe [2098528 2017-09-12] (Electronic Arts)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-06] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-06] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-06] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-06] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-06] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-06] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-06] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-06] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-06] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-06] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-06] (AVAST Software)
    S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [595456 2014-09-19] (C-MEDIA)
    R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
    R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
    R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
    R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
    R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-21] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvlddmkm.sys [15619320 2017-09-18] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-09-16] (NVIDIA Corporation)
    R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
    R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-09-21 12:59 - 2017-09-21 12:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-09-21 12:59 - 2017-07-20 13:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-09-21 12:59 - 2017-07-20 13:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-09-21 12:59 - 2017-07-20 13:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-09-21 12:59 - 2017-07-20 13:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-09-21 12:58 - 2017-09-21 12:58 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
    2017-09-21 12:56 - 2017-09-16 15:27 - 040240064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 035925440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 029020096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 023132720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 018849784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 012241792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 011692856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 010087504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 004145088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 003575744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438569.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438569.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001291912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001290024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001067968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001007280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 001005176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000781728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000690504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2017-09-21 12:56 - 2017-09-16 15:27 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
    2017-09-21 12:56 - 2017-09-16 15:27 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
    2017-09-21 11:14 - 2017-09-21 11:14 - 000001390 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\Program Files\iTunes
    2017-09-21 11:14 - 2017-09-21 11:14 - 000000000 ____D C:\Program Files\iPod
    2017-09-21 11:12 - 2017-09-21 11:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-09-21 11:12 - 2017-09-21 11:12 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-09-20 21:51 - 2017-09-20 21:55 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\vlc
    2017-09-19 21:35 - 2017-09-20 00:12 - 000000000 ____D C:\Users\pahmadi\.atom
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Atom
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Local\SquirrelTemp
    2017-09-19 21:34 - 2017-09-19 21:35 - 000000000 ____D C:\Users\pahmadi\AppData\Local\atom
    2017-09-19 21:34 - 2017-09-19 21:34 - 000002255 _____ C:\Users\pahmadi\Desktop\Atom.lnk
    2017-09-19 21:34 - 2017-09-19 21:34 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2017-09-15 09:13 - 2017-09-15 09:13 - 000000684 _____ C:\Users\pahmadi\Desktop\NBA 2K18.lnk
    2017-09-15 09:13 - 2017-09-15 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K18
    2017-09-15 01:26 - 2017-09-15 01:26 - 000000218 _____ C:\Users\pahmadi\AppData\Local\recently-used.xbel
    2017-09-12 23:19 - 2017-09-12 23:19 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-09-12 15:27 - 2017-09-12 15:28 - 000000000 ____D C:\Users\pahmadi\Documents\FIFA 18 Demo
    2017-09-12 15:26 - 2017-09-12 15:26 - 000000949 _____ C:\Users\Public\Desktop\FIFA 18 DEMO.lnk
    2017-09-12 15:26 - 2017-09-12 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 18 DEMO
    2017-09-12 14:26 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-09-12 14:26 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-09-12 14:26 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-09-12 14:26 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2017-09-12 14:26 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-09-12 14:26 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-09-12 14:26 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-09-12 14:26 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-09-12 14:26 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-09-12 14:26 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-09-12 14:26 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-09-12 14:26 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2017-09-12 14:26 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-09-12 14:26 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2017-09-12 14:26 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-09-12 14:26 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-09-12 14:26 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-09-12 14:26 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2017-09-12 14:26 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-09-12 14:26 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-09-12 14:26 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-09-12 14:26 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
    2017-09-12 14:26 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-09-12 14:26 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-09-12 14:26 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-09-12 14:26 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2017-09-12 14:26 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2017-09-12 14:26 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2017-09-12 14:26 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2017-09-12 14:26 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-09-12 14:26 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
    2017-09-12 14:26 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2017-09-12 14:26 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2017-09-12 14:26 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-09-12 14:26 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-09-12 14:26 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2017-09-12 14:26 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2017-09-12 14:26 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2017-09-12 14:26 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2017-09-12 14:26 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-09-12 14:26 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-09-12 14:26 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-09-12 14:26 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-09-12 14:26 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
    2017-09-12 14:26 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
    2017-09-12 14:26 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2017-09-12 14:26 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-09-12 14:26 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2017-09-12 14:26 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2017-09-12 14:26 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2017-09-12 14:26 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-09-12 14:26 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-09-12 14:26 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-09-12 14:26 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
    2017-09-12 14:26 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2017-09-12 14:26 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2017-09-12 14:26 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2017-09-12 14:26 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-09-12 14:26 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-09-12 14:26 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-09-12 14:26 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-09-12 14:26 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2017-09-12 14:26 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-09-12 14:26 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-09-12 14:26 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-09-12 14:26 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-09-12 14:26 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2017-09-12 14:26 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-09-12 14:26 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2017-09-12 14:26 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-09-12 14:26 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-09-12 14:25 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-09-12 14:25 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2017-09-12 14:25 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-09-12 14:25 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-09-12 14:25 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-09-12 14:25 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2017-09-12 14:25 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-09-12 14:25 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2017-09-12 14:25 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2017-09-12 14:25 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-09-12 14:25 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-09-12 14:25 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2017-09-12 14:25 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-09-12 14:25 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2017-09-12 14:25 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2017-09-12 14:25 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2017-09-12 14:25 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-09-12 14:25 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-09-12 14:25 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
    2017-09-12 14:25 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-09-12 14:25 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-09-12 14:25 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-09-12 14:25 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-09-12 14:25 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2017-09-12 14:25 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-09-12 14:25 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-09-12 14:25 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-09-12 14:25 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2017-09-12 14:25 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-09-12 14:25 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2017-09-12 14:25 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-09-12 14:25 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2017-09-12 14:25 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2017-09-12 14:25 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2017-09-12 14:25 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-09-12 14:25 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2017-09-12 14:25 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-09-12 14:25 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2017-09-12 14:25 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2017-09-12 14:25 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2017-09-12 14:25 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2017-09-12 14:25 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2017-09-12 14:25 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2017-09-12 14:25 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-09-12 14:25 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-09-12 14:25 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-09-12 14:25 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2017-09-12 14:25 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-09-12 14:25 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
    2017-09-12 14:25 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-09-12 14:25 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-09-12 14:25 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-09-12 14:25 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-09-12 14:25 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2017-09-12 14:25 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-09-12 14:25 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-09-12 14:25 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2017-09-12 14:25 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2017-09-12 14:25 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2017-09-12 14:25 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-09-12 14:25 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-09-12 14:25 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
    2017-09-06 18:31 - 2017-09-06 18:31 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-09-21 21:18 - 2016-04-20 11:27 - 000000000 ____D C:\FRST
    2017-09-21 20:49 - 2017-07-05 22:24 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDA24C7D-A729-4B38-AE7D-A3D379BB6853}
    2017-09-21 20:46 - 2017-07-05 22:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-09-21 13:43 - 2015-12-10 22:48 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
    2017-09-21 13:42 - 2017-07-05 22:29 - 001191058 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-09-21 13:39 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-09-21 13:39 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-09-21 13:36 - 2017-07-05 22:20 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-09-21 13:36 - 2016-01-01 14:02 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-09-21 13:35 - 2017-07-05 22:24 - 000003132 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
    2017-09-21 13:35 - 2017-07-05 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-21 13:35 - 2017-07-05 22:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-09-21 13:35 - 2017-03-18 07:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
    2017-09-21 13:00 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
    2017-09-21 12:57 - 2015-12-10 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-09-21 12:56 - 2017-07-05 22:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-09-21 12:45 - 2017-07-05 22:24 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:45 - 2017-07-05 22:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:45 - 2016-10-08 14:35 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2017-09-21 12:44 - 2017-07-05 22:24 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:24 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-09-21 12:44 - 2017-07-05 22:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-09-21 11:12 - 2016-07-10 21:39 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-09-21 11:07 - 2016-11-26 14:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-09-19 21:38 - 2015-12-29 15:25 - 000000000 ____D C:\Users\pahmadi\AppData\Local\CrashDumps
    2017-09-19 21:35 - 2017-07-05 22:20 - 000000000 ____D C:\Users\pahmadi
    2017-09-19 03:23 - 2017-05-31 11:54 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2017-09-19 03:23 - 2017-05-31 11:54 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2017-09-19 03:23 - 2016-10-08 14:35 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2017-09-18 17:29 - 2016-12-26 02:30 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
    2017-09-16 15:27 - 2017-05-31 12:14 - 004210544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2017-09-16 15:27 - 2017-05-31 12:14 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2017-09-16 15:27 - 2017-05-31 12:14 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
    2017-09-16 15:27 - 2017-05-31 12:14 - 000046443 _____ C:\WINDOWS\system32\nvinfo.pb
    2017-09-16 13:54 - 2017-07-05 22:20 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
    2017-09-16 13:34 - 2017-07-05 22:20 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 002478528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000548472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2017-09-16 13:34 - 2017-07-05 22:20 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2017-09-15 18:17 - 2016-04-22 18:06 - 000000000 ____D C:\Users\pahmadi\Downloads\fraps
    2017-09-15 11:03 - 2017-07-05 22:20 - 008248071 _____ C:\WINDOWS\system32\nvcoproc.bin
    2017-09-15 09:27 - 2016-01-12 00:26 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\2K Sports
    2017-09-14 18:39 - 2015-12-13 19:16 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\deluge
    2017-09-14 01:09 - 2015-12-22 15:58 - 000000000 ____D C:\ProgramData\Origin
    2017-09-13 22:07 - 2015-12-22 15:59 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Origin
    2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-09-12 23:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-09-12 22:05 - 2016-04-02 23:15 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-09-12 21:11 - 2017-07-05 22:19 - 000381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-09-12 21:10 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-09-12 15:26 - 2016-09-13 14:08 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
    2017-09-12 15:25 - 2015-12-10 22:03 - 000000000 ____D C:\ProgramData\Package Cache
    2017-09-12 14:29 - 2015-12-13 18:58 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-09-12 14:28 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-09-12 14:28 - 2015-12-13 18:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-09-08 22:31 - 2017-07-27 15:30 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3840187337-3860288294-2545479360-1001
    2017-09-08 22:31 - 2016-04-02 23:17 - 000002373 _____ C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-08 22:31 - 2016-01-30 00:31 - 000000000 ___RD C:\Users\pahmadi\OneDrive
    2017-09-07 10:19 - 2017-08-11 19:20 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 4 Browser.lnk
    2017-09-07 10:19 - 2017-07-05 22:24 - 000004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458685729
    2017-09-06 18:31 - 2017-07-19 19:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
    2017-09-06 18:31 - 2017-07-05 22:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-09-06 18:31 - 2016-03-22 18:28 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.150601583679601
    2017-09-06 18:31 - 2015-12-10 22:48 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-09-06 18:31 - 2015-12-10 22:48 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-09-06 18:30 - 2017-03-04 19:18 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-09-02 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-09-02 11:15 - 2017-03-18 17:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-31 17:59 - 2017-05-19 10:02 - 000000000 ____D C:\Users\pahmadi\AppData\LocalLow\Mozilla
    2017-08-30 02:39 - 2015-12-27 22:54 - 000000000 ____D C:\Users\pahmadi\AppData\Roaming\Audacity
    2017-08-28 18:16 - 2015-12-10 22:49 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-28 18:16 - 2015-12-10 22:49 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
     
    ==================== Files in the root of some directories =======
     
    2015-12-10 23:50 - 2015-12-23 20:29 - 001065984 _____ () C:\Users\pahmadi\AppData\Local\file__0.localstorage
    2017-09-15 01:26 - 2017-09-15 01:26 - 000000218 _____ () C:\Users\pahmadi\AppData\Local\recently-used.xbel
    2016-08-08 21:32 - 2016-08-08 21:32 - 000007605 _____ () C:\Users\pahmadi\AppData\Local\Resmon.ResmonCfg
    2017-07-05 22:20 - 2017-07-05 22:20 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-12-26 02:30 - 2017-03-09 15:30 - 000005943 _____ () C:\ProgramData\NvTelemetryContainer.log
    2016-12-26 02:30 - 2017-03-09 02:16 - 000008442 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-09-12 23:18
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
    Ran by pahmadi (21-09-2017 21:18:29)
    Running from E:\
    Windows 10 Home Version 1703 (X64) (2017-07-06 02:27:10)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3840187337-3860288294-2545479360-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3840187337-3860288294-2545479360-503 - Limited - Disabled)
    Guest (S-1-5-21-3840187337-3860288294-2545479360-501 - Limited - Disabled)
    pahmadi (S-1-5-21-3840187337-3860288294-2545479360-1001 - Administrator - Enabled) => C:\Users\pahmadi
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Atom (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\atom) (Version: 1.20.1 - GitHub Inc.)
    Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
    Batman: Arkham Origins - The Complete Edition (HKLM-x32\...\Batman: Arkham Origins - The Complete Edition_is1) (Version:  - )
    Bayonetta (HKLM-x32\...\Bayonetta_is1) (Version:  - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
    Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
    Deus Ex: Mankind Divided (HKLM-x32\...\Deus Ex: Mankind Divided_is1) (Version:  - )
    Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
    Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
    FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts)
    FIFA 17 (HKLM\...\FIFA 17_is1) (Version: 1.0.0.0 - )
    FIFA 17 DEMO (HKLM-x32\...\{39C00B2C-EA3C-4A6B-AECF-DADA0F09C2AE}) (Version: 1.0.45.26330 - Electronic Arts)
    FIFA 18 DEMO (HKLM-x32\...\{5D17162D-8095-4B35-B41F-6F55D154E9F9}) (Version: 1.0.49.32463 - Electronic Arts)
    Fraps (HKLM-x32\...\Fraps) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Hellblade: Senua's Sacrifice (HKLM-x32\...\Hellblade: Senua's Sacrifice_is1) (Version:  - )
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
    Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
    Intel® Driver Update Utility 2.2.0.5 (HKLM-x32\...\{C4FB3CF4-C845-4746-A9F5-476908266433}) (Version: 2.2.0.1 - Intel) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
    Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
    iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
    Life is Strange: Complete Season 1 (HKLM-x32\...\Life is Strange: Complete Season 1_is1) (Version:  - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC (HKLM-x32\...\Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC_is1) (Version: Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC - Repack by Fenixx (09.03.2013))
    MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
    MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
    NBA 2K18 (HKLM-x32\...\NBA 2K18_is1) (Version:  - )
    NieR: Automata - LOSSLESS Videos (HKLM-x32\...\NieR: Automata - LOSSLESS Videos_is1) (Version:  - )
    NieR: Automata (HKLM-x32\...\NieR: Automata_is1) (Version:  - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
    NVIDIA Graphics Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 359.06 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
    Online Plug-in (HKLM-x32\...\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.40.723.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
    RivaTuner Statistics Server 7.0.0 Beta 19 (HKLM-x32\...\RTSS) (Version: 7.0.0 Beta 19 - Unwinder)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    SafeZone Stable 1.46.1990.139 (HKLM-x32\...\SafeZone 1.46.1990.139) (Version: 1.46.1990.139 - Avast Software) Hidden
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Self-service Plug-in (HKLM-x32\...\{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}) (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tales from the Borderlands: Episodes 1-5 (HKLM-x32\...\Tales from the Borderland: Episodes 1-5_is1) (Version:  - )
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com)
    The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
    The Wolf Among Us (HKLM-x32\...\1432213513_is1) (Version: 2.0.0.1 - GOG.com)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.6 - Tweaking.com)
    Undertale (HKLM-x32\...\1456487183_is1) (Version: 2.0.0.2 - GOG.com)
    Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Notepad++\NppShell_06.dll [2015-04-15] ()
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt32.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll [2016-12-23] ()
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\program files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\pahmadi\Downloads\RarExt32.dll [2016-08-15] (Alexander Roshal)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {081CB5BA-6F6E-4F91-B4EC-709614ABF80E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
    Task: {1A3AA77B-A047-4E7B-A823-CE7EA658195D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
    Task: {20301EF5-5634-4ABE-B168-990F137FFD01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {215E06F6-8B61-4ADD-93C6-83AD929FECED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
    Task: {293ECE89-1EE4-481A-AE73-CE2D69592DAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Users\pahmadi\Desktop\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {2A4908B1-4233-44AE-8AB5-A316C398D5E1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
    Task: {337C5763-57CB-48CB-A6A4-E87B74F3A326} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3E61960E-A359-4152-819F-7696FB4D2D0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {3F39E832-9B28-46B1-A9DF-88EF5D9A86B7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-05] (Microsoft Corporation)
    Task: {52AA92AD-C352-4470-B7CD-E30E3EC6A8CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
    Task: {65F26281-1EE2-45EC-A22A-7CDA1ACFA820} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-06] (AVAST Software)
    Task: {6FE5844E-AFF1-494E-B989-662630E40EBB} - System32\Tasks\{394C945B-1D25-4C06-9BC8-E602C092BE8D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServiceUninstaller.exe" -c -u "webfas-79f28e00@@WEBFAS.SPSS 23"
    Task: {75A83C87-6ECB-41E6-976D-F76E6C9AAD3C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
    Task: {7C0F459B-8BEE-416E-9F12-8AF67B56CFEB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
    Task: {91DE6FB3-189B-4541-9692-D0E0898E5669} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
    Task: {A11D7057-70C3-420E-9E41-9FDB181A1954} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {BA705F22-48E7-4913-9B25-D9EC64128D57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
    Task: {C63BFA16-5E26-45CA-A187-878A72BC8224} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
    Task: {C728BBE0-E23E-483C-BA1F-3339283CEF09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-05] (Microsoft Corporation)
    Task: {CA433B1C-442F-494C-9579-BC2B82A860D9} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
    Task: {D1B26571-4B28-4800-97D8-F55B8F0EB175} - System32\Tasks\SafeZone scheduled Autoupdate 1452366284 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {EA5B4BD5-608B-4264-9D81-F201A36C0486} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)
    Task: {F0CD125B-D426-4881-8DFC-AFBEECC9FC01} - System32\Tasks\SafeZone scheduled Autoupdate 1458685729 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {FC801E8A-7D10-474F-9D51-7CFA752C3848} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
    Task: {FC8C97C9-9F89-447D-A525-7080FD030F75} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
    Task: {FFA4B6B6-FBD2-46CF-A37D-95B6F8476D37} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2017-07-05 22:20 - 2017-09-16 13:34 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-10-08 14:35 - 2017-09-19 03:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2015-12-09 03:59 - 2015-12-09 03:59 - 000580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    2016-05-17 20:31 - 2017-01-29 09:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2015-04-15 16:13 - 2015-04-15 16:13 - 000222720 _____ () E:\Notepad++\NppShell_06.dll
    2014-05-01 10:13 - 2016-12-23 22:20 - 000592384 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll
    2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-08-26 12:02 - 2017-08-26 12:02 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-08-26 12:02 - 2017-08-26 12:02 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
    2017-08-28 18:15 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
    2017-08-28 18:15 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
    2017-09-14 09:56 - 2017-09-14 09:57 - 001226440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
    2015-12-07 12:44 - 2015-12-07 12:44 - 000225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
    2015-12-07 12:43 - 2015-12-07 12:43 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
    2015-12-07 12:44 - 2015-12-07 12:44 - 000657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
    2016-05-17 20:31 - 2017-01-29 05:46 - 008929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
    2014-05-01 10:15 - 2016-12-23 22:20 - 000564736 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX32.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-07-03 15:54 - 2017-07-03 15:54 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-09-06 18:31 - 2017-09-06 18:31 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-10-08 14:35 - 2017-09-19 03:23 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
    2016-10-08 14:35 - 2017-09-19 03:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2014-11-10 13:12 - 2014-11-10 13:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Control Panel\Desktop\\Wallpaper -> e:\thumb-350-320986.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\Services: AvastVBoxSvc => 3
    MSCONFIG\Services: lfsvc => 3
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{72059826-2DD2-4806-968A-AF6A5707D6C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{5240993E-7C06-4819-AE2D-792150AC5436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{D2159E97-4F9A-4EB7-8489-EBB523E91B21}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{8FAC55E1-7DD8-45DC-8173-3421D9474730}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [UDP Query User{E57C0B53-27B0-4A05-B161-FEBE51127EB5}E:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) E:\games\prey\binaries\danielle\x64\release\prey.exe
    FirewallRules: [TCP Query User{9532DEA5-4D41-4D82-9554-38BA3161DE74}E:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) E:\games\prey\binaries\danielle\x64\release\prey.exe
    FirewallRules: [UDP Query User{8BE371AF-9C90-4E41-A572-20B6D5AC2588}E:\games\a wii usb folder\wiiu_usb_helper.exe] => (Block) E:\games\a wii usb folder\wiiu_usb_helper.exe
    FirewallRules: [TCP Query User{F8AB09C5-8F76-4F14-9EA5-50879FB1A040}E:\games\a wii usb folder\wiiu_usb_helper.exe] => (Block) E:\games\a wii usb folder\wiiu_usb_helper.exe
    FirewallRules: [UDP Query User{204E2CDB-3750-4EA3-924F-7E4EB58D22DB}E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe] => (Block) E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe
    FirewallRules: [TCP Query User{EFD941EB-2B7E-46A8-95A5-36745D44E206}E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe] => (Block) E:\games\7a3ec1-cemu173d_066de503b8c75fd\wiiu_usb_helper.exe
    FirewallRules: [{A2770855-C28A-436F-B7B5-FB4694B8B0FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{2AD3F555-8299-48AD-A3CC-BD8087E085BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{F9AA4DBC-EC00-44F7-9A4E-36D3FB1F25CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{E63CE914-42FC-44D6-947A-69DC000684A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{6359BCAF-F074-4DCE-8BB7-03AD47A369B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{647CF0F7-FB28-4988-A356-1088FC5A82EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{854D8606-698D-465D-BAE6-865F512EBB7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [UDP Query User{DE046CCC-CFE7-4202-92A5-FBC312F3F7E1}E:\games\call of duty - infinite warfare\iw7_ship.exe] => (Block) E:\games\call of duty - infinite warfare\iw7_ship.exe
    FirewallRules: [TCP Query User{024F33C9-AE3D-47FD-99AD-08B9BAD565C5}E:\games\call of duty - infinite warfare\iw7_ship.exe] => (Block) E:\games\call of duty - infinite warfare\iw7_ship.exe
    FirewallRules: [{C77B9B18-0470-474B-A935-63EB2A24BC45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{645D940D-CCFC-4B3C-9BB5-CDC1CE5BE746}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{383F5EEF-1397-4FBA-B82B-117143F7B133}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{12532985-8E2E-4E08-BD0B-5F51C6D1B918}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe
    FirewallRules: [{524F7B37-3DAB-4C8B-9210-6BFB66ACB0D9}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe
    FirewallRules: [{16677B84-4748-4237-B403-E469364BE627}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
    FirewallRules: [{C75099FD-5390-4559-8402-46DB636B455F}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
    FirewallRules: [{3C2C5BEA-A485-452B-B949-F14A3F9A26A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F2C0810A-DCF7-4535-A50D-A1D1456D81E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{D2D16456-5462-43A5-9952-B86A731BEF1A}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
    FirewallRules: [TCP Query User{41A32F6C-725C-44AA-A33F-55A0DCF2FDC5}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
    FirewallRules: [UDP Query User{978D1139-1FC1-4243-923F-BEA0D15F4858}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [TCP Query User{AFBEE18E-242D-4129-9359-89A9D426F29A}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
    FirewallRules: [UDP Query User{D0B18DAB-1886-4A2F-95CF-976AC12D838D}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [TCP Query User{C387CD3A-976C-4FE2-A43A-100D61105E8A}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass effect 2\binaries\masseffect2.exe
    FirewallRules: [UDP Query User{C6319E23-8E89-4DBD-A16D-9D18815EDFFE}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
    FirewallRules: [TCP Query User{46589999-D8D3-413C-9367-315AFCF8FB1B}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{7B70A298-F8C9-4FFA-ABA6-8BC9BEA6F9E1}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
    FirewallRules: [TCP Query User{25E0CD3E-D64B-4D03-ABDF-159D0DAB5F17}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
    FirewallRules: [{4B86F244-3CF5-4EE8-89D3-399EF653E8C1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{BE3A0F63-2D5A-419C-979C-9F7FF66162F1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [UDP Query User{F3A8869C-2FD0-4FAB-9378-D7EAA12867AB}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
    FirewallRules: [TCP Query User{3B9C4912-B9FF-41FA-A101-14A7746128CE}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
    FirewallRules: [UDP Query User{1099DD03-C3B6-46FE-B456-34236D2D1C41}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
    FirewallRules: [TCP Query User{417CC0D1-BF2E-49E3-A7CD-9332F0E162BD}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
    FirewallRules: [{C0035F1A-4351-448B-B6C7-B18D2FAA8CB7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{179DA074-1FAF-4DBF-84D5-C2DC74D1690F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{88C51A6B-E858-474E-8B91-1F1D4544146E}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8C0AC25C-317B-4A99-A39A-601F4D50DF8A}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{53340FB0-430E-48D2-975A-8629E682008F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FA146FD5-EAE5-4D45-9A89-564DC41F81B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A6882C60-CA13-4CD0-A35D-4ED83A85E011}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{878AB48C-196F-4928-B019-9A1EE47529F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{A2A341C9-BEE9-4EC8-B47D-B603684241F5}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
    FirewallRules: [{4431F62C-829D-498E-9500-10F6F961B08C}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
    FirewallRules: [TCP Query User{E3D8EBF8-AC60-4308-9A6E-46D7D36C2365}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [UDP Query User{332770D5-E53D-4743-8A26-2805899A5A95}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [{CEE51D2C-6F58-4B44-80DF-7470B507D4F7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E7715403-9932-4AF9-8953-BB02F2C4D663}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{98C04D4E-6EFA-4B27-964C-97B953F3834F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E90ABA9B-BFCA-4476-9673-1EED03FEBBA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{479A758F-34EE-490E-A221-82B7A23CA629}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C7FE888D-076D-4A20-84AF-925C498F5EA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{75734CAC-C059-4420-AAD2-A28090C70C80}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{39119A8F-C236-4AFE-9241-27FACC37C380}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
    FirewallRules: [{72357AE1-B4F6-41EE-845A-62D898A90AEF}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
    FirewallRules: [{44D63FB1-C32C-4A37-8A64-E266B25D83CA}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
    FirewallRules: [{75A88A90-7D16-4119-8AD5-CF2AC825997E}] => (Block) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    FirewallRules: [{C58336A1-D789-4E96-A136-A094A5581952}] => (Block) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    FirewallRules: [TCP Query User{222C8A48-C05A-4637-A361-8829D1DF7D65}E:\games\doom\doomx64.exe] => (Block) E:\games\doom\doomx64.exe
    FirewallRules: [UDP Query User{16B16F31-258C-4DFF-8B60-3DD28FCAC42F}E:\games\doom\doomx64.exe] => (Block) E:\games\doom\doomx64.exe
    FirewallRules: [{9FDE8567-9873-4793-8BC6-56CA6429974C}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{B4B76B2F-F5CE-4B5C-9F78-3A37F5085BDE}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{6948BBC4-563C-4F28-A4F6-4CB04F59D2C7}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [{8B742906-1860-4944-AD5A-F4BFE20D1DFD}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [TCP Query User{672D35CC-5544-4DF5-90B6-23DF17EBC01D}E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [UDP Query User{55E7CB98-657F-4105-9B3A-70847933CF90}E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [TCP Query User{0F12FBD7-31C9-43E8-B0C8-855FCF98D676}E:\games\nba 2k17\nba2k17.exe] => (Block) E:\games\nba 2k17\nba2k17.exe
    FirewallRules: [UDP Query User{E10AA303-CA5A-4959-BFD9-012F94DAA90A}E:\games\nba 2k17\nba2k17.exe] => (Block) E:\games\nba 2k17\nba2k17.exe
    FirewallRules: [TCP Query User{C98DF05C-4E72-48AC-A122-C23180735AF6}E:\games\fifa 17\fifa17.exe] => (Block) E:\games\fifa 17\fifa17.exe
    FirewallRules: [UDP Query User{2B4433C6-80CA-464B-8778-A47EE489E136}E:\games\fifa 17\fifa17.exe] => (Block) E:\games\fifa 17\fifa17.exe
    FirewallRules: [{75A8F769-3CE2-4D0B-BFB8-C22B4C7B0951}] => (Block) E:\cemu182b-cracked\cemu182b-cracked\Cemu.exe
    FirewallRules: [{C46E8BD9-B6EA-43CB-9670-1FADDAF72103}] => (Block) E:\cemu182b-cracked\cemu182b-cracked\Cemu.exe
    FirewallRules: [{7A896E8A-4889-45EF-B550-5E0B87A8CA7B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{2EF22AD7-B0D1-4C0C-8C8B-1793207B5AFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{1F0ED159-F976-4986-A37E-C57B4C93651F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{9385CB65-BAF9-4C2A-BC91-1A28F2EA8DB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FD724226-36D4-4935-A7E9-A45F50C0B6F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{35EB9E96-9C04-49CE-B258-FDB2D570A719}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{1D268EC1-D42A-4476-A9AA-E609EDFF9BA8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{5BE9C566-00AE-4436-980F-6288B0655FA1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [{5395251D-1BF0-4C6C-8F68-148767A9B25F}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
    FirewallRules: [TCP Query User{4656521D-D8EF-4BD0-AC61-383282981BE7}E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
    FirewallRules: [UDP Query User{64146B5E-C2D5-45EC-ACB4-2A6FA49E0B93}E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) E:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
    FirewallRules: [{C6128742-9D97-4C80-AF23-7BF3F7670ABC}] => (Allow) E:\iTunes.exe
    FirewallRules: [{74E4E670-848F-4845-889E-68C8D984584A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
     
    ==================== Restore Points =========================
     
    11-09-2017 22:49:08 Scheduled Checkpoint
    21-09-2017 13:08:51 Scheduled Checkpoint
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
    Percentage of memory in use: 45%
    Total physical RAM: 8143.88 MB
    Available physical RAM: 4407.41 MB
    Total Virtual: 13007.88 MB
    Available Virtual: 6376.33 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:231.93 GB) (Free:134.83 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:165.8 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================
     

    • 0

    #8
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    I think they were just false positives.  None of the big anti-viruses have a problem with the files. 

     

    Time to clean up:
     
    To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
     
    DeleteQuarantine:
     
    Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
     
    If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
     
    If you use Chrome/Firefox then get the Ublock Origin  Add-on from https://www.ublock.org/.  For IE go to adblockplus.org  and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    To prevent a relatively new phishing attack:  In Firefox, type:
     
    about:config
     
    in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in 
     
    puny
     
    You should only get one option:
    network.IDN_show_punycode
    We want it to say True but by default it is False so double click on it to toggle from False to True.
    Close and restart firefox.
     
    To test it you can go to:
     
     
    If the value is false you will see https://www.apple.com instead of the correct value
     
     
    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.
     
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

    • 0
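
The difference the network.IDN_show_punycode setting in the post above makes, as an added example that is not part of RKinner's post: it renders a hostname both ways and flags labels that imitate an ASCII name. The function names and the small look-alike table are constructed for this illustration; the sample hostname is built from code points, not taken from the thread.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones; the full
# Unicode confusables table is far larger. Used only to build a "skeleton".
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u04cf": "l",
}

def to_unicode(label):
    """Decode one xn-- label to the Unicode form shown when the pref is false."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_punycode(label):
    """Encode one label to the ASCII form shown when the pref is true."""
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def scripts(label):
    """Scripts used in a label, taken from the first word of each character name."""
    found = set()
    for ch in label:
        if ch.isascii() and not ch.isalpha():
            continue  # digits and hyphen are shared by every script
        found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found

def skeleton_of(label):
    """Replace known look-alike letters with the ASCII letter they resemble."""
    return "".join(LOOKALIKES.get(c, c) for c in label)

def assess_host(host):
    """Return both renderings of a hostname and whether it imitates an ASCII name."""
    shown, wire, reasons = [], [], []
    for raw in host.rstrip(".").split("."):
        uni = to_unicode(raw)
        shown.append(uni)
        wire.append(to_punycode(uni))
        if uni.isascii():
            continue
        used = scripts(uni)
        if len(used) > 1:
            reasons.append(f"{wire[-1]}: mixes scripts {sorted(used)}")
        if skeleton_of(uni).isascii():
            reasons.append(f"{wire[-1]}: renders like ASCII '{skeleton_of(uni)}'")
    return {
        "shown_when_false": ".".join(shown),
        "shown_when_true": ".".join(wire),
        "skeleton": ".".join(skeleton_of(s) for s in shown),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }

if __name__ == "__main__":
    # Constructed sample: five Cyrillic letters that look like "apple".
    fake = "\u0430\u0440\u0440\u04cf\u0435" + ".com"
    for h in (fake, "apple.com", "xn--mnchen-3ya.de"):
        print(assess_host(h))
```

A legitimate internationalised name such as the German one in the sample is decoded but not flagged, because its letters do not collapse to a pure ASCII name.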





