Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot install or launch any anti virus software or open tskmg [Solved

Started by Ben2431 , Oct 02 2017 05:06 PM

  • This topic is locked This topic is locked

#1
Ben2431
Posted 02 October 2017 - 05:06 PM

Ben2431

    New Member

  • Member
  • Pip
  • 6 posts

Hi all and thank you in advance for any help,

 

I have had this problem for a few weeks now but have not been able to fix it. i cannot launch into safe mode from settings or using the shift key option either. anytime i try to install any sort of anti virus software i get the process is in use error and i cannot run any existing anti virus programs on my computer as i get the same result. windows defender has been disbaled and i am really out of ideas and resources to try solve this problem. Any help will be greatly appreciated

 

Thanks,

Ben


  • 0

Advertisements

#2
JSntgRvr
Posted 02 October 2017 - 07:13 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Hi

Welcome :)

I'll be assisting you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 


  • 0

#3
Ben2431
Posted 02 October 2017 - 07:26 PM

Ben2431

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

heres the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2017 01
Ran by bewin (administrator) on BEN-LAPTOP (02-10-2017 21:23:41)
Running from C:\Users\bewin\Downloads
Loaded Profiles: bewin (Available Profiles: defaultuser0 & bewin)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Pro Tools\MMERefresh.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Media Gobbler, Inc) C:\Program Files (x86)\Media Gobbler, Inc\Downstream Proxy\downstreamproxyservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Hotkey\rerun.exe
() C:\Windows\System32\msfathb.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Online Connect\ioc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
() C:\Program Files\Avid\Cloud Client Services\Hub.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
() C:\Program Files\BEHRINGER\UMC_Audio_Driver\UMCAudioCplApp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe
(Power Software Ltd) D:\Program Files\PowerISO\PWRISOVM.EXE
() C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-12] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2017-03-23] (Avid Technology, Inc.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-06-15] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => D:\Program Files\PowerISO\PWRISOVM.EXE [449280 2017-07-05] (Power Software Ltd)
HKLM-x32\...\Run: [svcvmx] => C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-27] () <==== ATTENTION
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3134216 2017-03-09] (Wargaming.net)
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-09-18] (Apple Inc.)
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-09-18] (Apple Inc.)
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-09-18] (Apple Inc.)
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\Run: [GobblerTray] => C:\Program Files (x86)\Media Gobbler, Inc\User Agent\GobblerTray.exe [1031208 2016-12-19] (Media Gobbler, Inc)
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\MountPoints2: E - "E:\SETUP.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2017-03-24]
ShortcutTarget: Avid Application Manager.lnk -> C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe (Avid Technology, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2017-09-26]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-04-22]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UMC Audio Control Panel Autostart.lnk [2017-04-08]
ShortcutTarget: UMC Audio Control Panel Autostart.lnk -> C:\Program Files\BEHRINGER\UMC_Audio_Driver\UMCAudioCplApp.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{2228270e-1748-4c7a-ad08-8e35ef94ba4b}: [DhcpNameServer] 166.66.86.243 166.66.86.244 166.66.86.144 192.206.29.2
Tcpip\..\Interfaces\{22f5d0cb-1c61-4085-9d6f-6ffc8f20894a}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{36a344c7-a616-4adb-aa90-4a8eee677fda}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{c2aca4cb-d64c-4abd-b1cc-ee96285b316d}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-01] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hp&ts=1398385383&from=irs&uid=HGSTXHTS725032A7E630_TF645AY107M8JJ07M8JJX&i=psd&t=34180ad07","hxxp://www.v9.com/?type=hppp&ts=1398385460&from=irs&uid=HGSTXHTS725032A7E630_TF645AY107M8JJ07M8JJX&i=psd&t=34180b00f","about:blank"
CHR NewTab: Default ->  Not-active:"chrome-extension://kellhjpbhbklbappamhkdibfdookjaki/index.html"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Slides) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-01]
CHR Extension: (Google Docs) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-01]
CHR Extension: (Google Drive) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-01]
CHR Extension: (YouTube) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-01]
CHR Extension: (Unknown Space) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpjdbdbhiomamecfnjahemfimgjamhjd [2017-08-31]
CHR Extension: (Google Sheets) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-01]
CHR Extension: (iCloud Bookmarks) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-08-01]
CHR Extension: (Slither.io Mod Play with friends Without LAGS) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\foocpcikeakahdlplgpgfoilanoajijf [2017-08-01]
CHR Extension: (Google Docs Offline) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-01]
CHR Extension: (AdBlock) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-19]
CHR Extension: (Search Manager) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kellhjpbhbklbappamhkdibfdookjaki [2017-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\bewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3759752 2016-05-18] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AvidHubService; C:\Program Files\Avid\Cloud Client Services\Hub.exe [2235144 2017-02-02] ()
R2 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [6631688 2017-02-02] (Avid Technology, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-09-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
R2 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2017-03-23] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [197632 2017-03-23] (Avid Technology, Inc.) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [399120 2017-03-23] (EasyAntiCheat Ltd)
R2 gobblerproxy; C:\Program Files (x86)\Media Gobbler, Inc\Downstream Proxy\downstreamproxyservice.exe [15872 2016-12-19] (Media Gobbler, Inc) [File not signed]
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [256480 2015-11-26] (Insyde Software Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-14] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25312 2016-11-01] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [34528 2016-11-01] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-18] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-18] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-11-08] (Intel Corporation)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2126016 2017-04-07] (Rivet Networks)
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [186544 2017-10-01] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [33280 2016-12-05] (CLEVO CO.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [276544 2017-05-17] (Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
PCW (Start=4 -> Start=0) <==== restored successfully
R3 AirplaneModeHid; C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys [43944 2017-02-24] (Insyde Corporation)
R3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [164584 2017-03-14] (Qualcomm Atheros, Inc.)
S3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [51400 2015-11-26] (Insyde Software Corp.)
S3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [48344 2015-11-26] (Insyde Software Corp.)
S3 iLokDrvr; C:\WINDOWS\System32\drivers\iLokDrvr.sys [33504 2017-08-03] ()
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvcvwu.inf_amd64_166fee8ea72cb783\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
S4 rbvnimo; C:\WINDOWS\System32\drivers\lhbpk.sys [79064 2017-08-01] (Malwarebytes Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [111336 2017-04-07] (Rivet Networks, LLC.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-04] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72768 2017-05-17] (Synaptics Incorporated)
S3 umc_audio; C:\WINDOWS\System32\drivers\umc_audio_x64.sys [288328 2015-12-08] ()
S3 umc_audioks; C:\WINDOWS\system32\DRIVERS\umc_audioks_x64.sys [56904 2015-12-08] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [54352 2016-08-18] (Intel Corporation)
S1 dclbazuy; \??\C:\WINDOWS\system32\drivers\dclbazuy.sys [X]
S1 egxrbiww; \??\C:\WINDOWS\system32\drivers\egxrbiww.sys [X]
S1 pmiiysup; \??\C:\WINDOWS\system32\drivers\pmiiysup.sys [X]
S1 tpoekcdv; \??\C:\WINDOWS\system32\drivers\tpoekcdv.sys [X]
S1 twetnwtq; \??\C:\WINDOWS\system32\drivers\twetnwtq.sys [X]
S1 ztsxugpp; \??\C:\WINDOWS\system32\drivers\ztsxugpp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-02 21:23 - 2017-10-02 21:23 - 000025419 _____ C:\Users\bewin\Downloads\FRST.txt
2017-10-02 21:23 - 2017-10-02 21:23 - 000000000 ____D C:\FRST
2017-10-02 21:22 - 2017-10-02 21:22 - 002399744 _____ (Farbar) C:\Users\bewin\Downloads\FRST64.exe
2017-10-01 15:47 - 2017-10-01 15:47 - 005766464 _____ (Zemana Ltd. ) C:\Users\bewin\Downloads\iexplore.exe
2017-10-01 15:45 - 2017-10-01 15:45 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\bewin\Downloads\rkill.exe
2017-10-01 15:43 - 2017-10-01 15:43 - 016563352 _____ (Malwarebytes Corp.) C:\Users\bewin\Downloads\help.exe
2017-10-01 15:28 - 2017-10-01 15:28 - 000012231 _____ C:\Users\bewin\Downloads\Malwarebytes Premium 3.0  FINAL + Crack [TechTools.ME].torrent
2017-10-01 15:20 - 2017-10-01 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-10-01 15:18 - 2017-07-28 15:06 - 000000000 ____D C:\Users\bewin\Downloads\03_SBX
2017-10-01 15:18 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\07_Hotkey
2017-10-01 15:18 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\05_Touchpad
2017-10-01 15:18 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\04_Cardreader
2017-10-01 15:18 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\03_Lan
2017-10-01 15:18 - 2017-07-28 15:04 - 000000000 ____D C:\Users\bewin\Downloads\Nvidia
2017-10-01 15:18 - 2017-07-28 15:04 - 000000000 ____D C:\Users\bewin\Downloads\01_Chipset
2017-10-01 15:17 - 2017-07-28 15:06 - 000000000 ____D C:\Users\bewin\Downloads\Killer
2017-10-01 15:17 - 2017-07-28 15:06 - 000000000 ____D C:\Users\bewin\Downloads\Intel
2017-10-01 15:17 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\10_Audio
2017-10-01 15:17 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\09_TBT
2017-10-01 15:17 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\08_IME
2017-10-01 15:17 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\06_Airplane
2017-10-01 15:17 - 2017-07-28 15:05 - 000000000 ____D C:\Users\bewin\Downloads\00_IRST
2017-10-01 15:16 - 2017-07-28 15:06 - 000000000 ____D C:\Users\bewin\Downloads\RAID
2017-10-01 15:11 - 2017-10-01 15:11 - 000001284 _____ C:\Users\Public\Desktop\Driver Talent.lnk
2017-10-01 15:11 - 2017-10-01 15:11 - 000000000 ____D C:\Users\bewin\AppData\Roaming\DriverTalent
2017-10-01 15:11 - 2017-10-01 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2017-10-01 15:11 - 2017-10-01 15:11 - 000000000 ____D C:\ProgramData\DriverTalent
2017-10-01 15:11 - 2017-10-01 15:11 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-09-27 02:26 - 2017-09-27 02:26 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-09-26 19:05 - 2017-09-26 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-09-24 11:46 - 2017-09-24 11:46 - 000002116 _____ C:\Users\Public\Desktop\Sibelius 7.5.lnk
2017-09-24 11:46 - 2017-09-24 11:46 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-09-24 11:32 - 2017-09-24 11:32 - 000000000 ____D C:\Users\bewin\Desktop\Drivers for sager
2017-09-19 21:04 - 2017-09-19 21:04 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-19 21:04 - 2017-09-19 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-19 21:04 - 2017-09-19 21:04 - 000000000 ____D C:\Program Files\iPod
2017-09-19 21:03 - 2017-09-19 21:04 - 000000000 ____D C:\Program Files\iTunes
2017-09-19 21:03 - 2017-09-19 21:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-19 21:03 - 2017-09-19 21:03 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-15 23:01 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-15 23:01 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-15 23:01 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-15 23:01 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-15 23:01 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-15 23:01 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-15 23:01 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-15 23:01 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-15 23:01 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-15 23:01 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-15 23:01 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-15 23:01 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-15 23:01 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-15 23:01 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-15 23:01 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-15 23:01 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-15 23:01 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-15 23:01 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-15 23:01 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-15 23:01 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-15 23:01 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-15 23:01 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-15 23:01 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-15 23:01 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-15 23:01 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-15 23:01 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-15 23:01 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-15 23:01 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-15 23:01 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-15 23:01 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-15 23:01 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-15 23:01 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-15 23:01 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-15 23:01 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-15 23:01 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-15 23:01 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-15 23:01 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-15 23:01 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-15 23:01 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-15 23:00 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-15 23:00 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-15 23:00 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-15 23:00 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-15 23:00 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-15 23:00 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-15 23:00 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-15 23:00 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-15 23:00 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-15 23:00 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-15 23:00 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-15 23:00 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-15 23:00 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-15 23:00 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-15 23:00 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-15 23:00 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-15 23:00 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-15 23:00 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-15 23:00 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-15 23:00 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-15 23:00 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-15 23:00 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-15 23:00 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-15 23:00 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-15 23:00 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-15 23:00 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-15 23:00 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-15 23:00 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-15 23:00 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-15 23:00 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-15 23:00 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-15 23:00 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-15 23:00 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-15 23:00 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-15 23:00 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-15 23:00 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-15 23:00 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-15 23:00 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-15 23:00 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-15 23:00 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-15 23:00 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-15 23:00 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-15 23:00 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-15 23:00 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-15 23:00 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-15 23:00 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-15 23:00 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-15 23:00 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-15 23:00 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-15 23:00 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-15 23:00 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-15 23:00 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-15 23:00 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-15 23:00 - 2017-09-05 01:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-15 23:00 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-15 23:00 - 2017-09-05 01:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-15 23:00 - 2017-09-05 01:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-15 23:00 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-15 23:00 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-15 23:00 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-15 23:00 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-15 23:00 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-15 23:00 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-15 23:00 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-15 23:00 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-15 23:00 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-15 23:00 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-15 23:00 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-15 23:00 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-15 23:00 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-15 23:00 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-15 23:00 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-15 23:00 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-15 23:00 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-15 23:00 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-15 23:00 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-15 23:00 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-15 23:00 - 2017-09-05 00:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-15 23:00 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-15 23:00 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-15 23:00 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-15 23:00 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-15 23:00 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-15 23:00 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-15 23:00 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-15 23:00 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-15 23:00 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-15 23:00 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-15 23:00 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-15 23:00 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-15 23:00 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-15 23:00 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-15 23:00 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-15 23:00 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-15 23:00 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-15 23:00 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-15 23:00 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-15 23:00 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-15 23:00 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-15 23:00 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-15 23:00 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-15 23:00 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-15 23:00 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-15 23:00 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-15 23:00 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-15 23:00 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-15 23:00 - 2017-09-05 00:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-15 23:00 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-15 23:00 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-15 23:00 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-15 23:00 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-15 23:00 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-15 23:00 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-15 23:00 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-15 23:00 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-15 23:00 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-15 23:00 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-15 23:00 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-15 23:00 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-15 23:00 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-15 23:00 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-15 23:00 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-15 23:00 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-15 23:00 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-15 23:00 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-15 23:00 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-15 23:00 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-15 23:00 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-15 23:00 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-15 23:00 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-15 23:00 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-15 23:00 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-15 23:00 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-15 23:00 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-15 23:00 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-15 23:00 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-15 23:00 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-15 23:00 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-15 23:00 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-15 23:00 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-15 23:00 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-15 23:00 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-15 23:00 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-15 23:00 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-15 23:00 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-15 23:00 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-15 23:00 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-15 23:00 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-15 23:00 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-15 23:00 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-15 23:00 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-15 23:00 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-15 23:00 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-15 23:00 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-15 23:00 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-15 23:00 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-15 23:00 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-15 23:00 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-15 23:00 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-15 23:00 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-15 23:00 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-15 23:00 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-15 23:00 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-15 23:00 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-15 23:00 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-15 23:00 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-15 23:00 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-15 23:00 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-15 23:00 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-15 23:00 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-15 23:00 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-15 23:00 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-15 23:00 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-15 23:00 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-15 23:00 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-11 15:57 - 2017-09-11 15:57 - 000973028 _____ C:\WINDOWS\Minidump\091117-10734-01.dmp
2017-09-08 00:49 - 2017-09-08 00:49 - 000000000 ____D C:\Users\bewin\AppData\LocalLow\Unity
2017-09-05 22:39 - 2017-09-05 22:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-05 22:37 - 2017-09-05 22:37 - 000000000 ____D C:\WINDOWS\pss
2017-09-02 16:45 - 2017-09-15 13:43 - 000000000 ____D C:\Users\bewin\AppData\Local\Arma 3
2017-09-02 16:45 - 2017-09-02 17:28 - 000000000 ____D C:\Users\bewin\OneDrive\Documents\Arma 3
2017-09-02 16:45 - 2017-09-02 16:45 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2017-09-02 16:37 - 2017-09-15 13:44 - 000000000 ____D C:\Users\bewin\AppData\Local\Arma 3 Launcher
2017-09-02 16:37 - 2017-09-02 16:37 - 000000000 ____D C:\Users\bewin\AppData\Local\Bohemia_Interactive
2017-09-02 15:47 - 2017-09-02 15:47 - 000000222 _____ C:\Users\bewin\Desktop\Arma 3.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-02 20:59 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-10-02 20:58 - 2017-05-25 21:31 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-02 20:57 - 2017-05-01 22:09 - 000000000 ___RD C:\Users\bewin\iCloudDrive
2017-10-02 20:56 - 2017-05-25 21:32 - 000000000 ____D C:\Users\bewin
2017-10-02 20:52 - 2017-03-23 17:07 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-02 19:59 - 2017-03-10 03:19 - 000000000 ____D C:\Users\bewin\AppData\Local\CrashDumps
2017-10-02 19:54 - 2017-03-26 16:46 - 000000000 ____D C:\Program Files\Rockstar Games
2017-10-02 19:54 - 2017-03-26 16:46 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-10-02 19:41 - 2017-05-25 21:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-02 19:09 - 2017-05-25 21:41 - 002088672 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-02 19:06 - 2017-08-02 19:37 - 000000000 ____D C:\Users\bewin\AppData\Local\Adobe
2017-10-02 19:03 - 2017-05-25 21:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-02 19:03 - 2017-05-25 21:31 - 005147408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-02 19:03 - 2017-03-18 07:40 - 020709376 _____ C:\WINDOWS\system32\config\HARDWARE
2017-10-02 19:03 - 2017-03-18 07:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-02 18:24 - 2016-07-16 07:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-02 16:19 - 2017-05-25 21:36 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{711C9AA0-413E-4699-AF18-C491D519F952}
2017-10-01 15:29 - 2017-03-23 22:41 - 000000000 ____D C:\Users\bewin\AppData\Roaming\uTorrent
2017-10-01 15:20 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-01 15:20 - 2017-03-07 23:37 - 000000000 ____D C:\Program Files\Intel
2017-10-01 00:09 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-01 00:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-27 21:35 - 2017-03-24 17:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-27 21:35 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-27 16:47 - 2017-03-23 21:33 - 000000000 ____D C:\Users\Public\Pro Tools
2017-09-27 00:48 - 2017-05-25 21:36 - 000003494 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-09-26 20:06 - 2017-03-07 23:42 - 000000000 ____D C:\Program Files (x86)\Hotkey
2017-09-26 20:03 - 2017-05-01 22:09 - 000000000 ____D C:\Users\bewin\AppData\Local\Apple Inc
2017-09-26 19:07 - 2017-05-01 22:09 - 000000000 ____D C:\Users\bewin\AppData\Local\6D5D932A-FEEC-4E5F-9D4A-0EE69723A027.aplzod
2017-09-24 11:46 - 2017-03-23 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2017-09-24 11:46 - 2017-03-23 18:07 - 000000000 ____D C:\Program Files (x86)\Avid
2017-09-24 11:46 - 2017-03-23 18:06 - 000000000 ____D C:\Program Files\Avid
2017-09-24 11:46 - 2017-03-07 23:01 - 000000000 ____D C:\Users\bewin\OneDrive\Documents\Scores
2017-09-21 23:43 - 2017-07-26 19:54 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4253875556-2466257819-1923529068-1001
2017-09-21 23:43 - 2017-03-07 22:56 - 000002374 _____ C:\Users\bewin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 23:43 - 2017-03-07 22:56 - 000000000 ___RD C:\Users\bewin\OneDrive
2017-09-19 21:50 - 2017-03-07 22:54 - 000000000 ____D C:\Users\bewin\AppData\Local\Packages
2017-09-19 21:03 - 2017-05-31 19:52 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-19 14:58 - 2016-11-20 14:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-18 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-18 16:19 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 01:57 - 2017-03-09 11:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 00:31 - 2017-08-01 19:05 - 000001298 _____ C:\Users\bewin\Desktop\Google Chrome.lnk
2017-09-13 00:24 - 2017-03-09 11:51 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 10:11 - 2017-03-24 12:28 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-09-11 15:57 - 2017-05-29 17:59 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-11 15:57 - 2017-03-08 01:49 - 1376823796 _____ C:\WINDOWS\MEMORY.DMP
2017-09-02 15:47 - 2017-03-23 21:55 - 000000000 ____D C:\Users\bewin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-02 11:15 - 2017-03-18 17:06 - 000835576 _____ C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 11:15 - 2017-03-18 17:06 - 000177656 _____ C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-03-24 17:50 - 2017-03-24 17:50 - 000000604 ____H () C:\Program Files (x86)\_43_S
2017-03-23 21:36 - 2017-03-24 15:47 - 003413804 _____ () C:\Users\bewin\AppData\Roaming\AvidApplicationManager_Install.log
2017-03-23 18:06 - 2017-03-23 18:06 - 000000865 _____ () C:\Users\bewin\AppData\Roaming\Avid_CCS_Service_Stop.log
2017-03-23 18:28 - 2017-04-05 20:18 - 000286556 _____ () C:\Users\bewin\AppData\Roaming\DXDriver_Install.log
2017-03-17 20:09 - 2017-03-20 17:25 - 001065984 _____ () C:\Users\bewin\AppData\Local\file__0.localstorage
2017-05-15 23:04 - 2017-05-15 23:04 - 000007602 _____ () C:\Users\bewin\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
 
 
Some files in TEMP:
====================
2017-08-01 18:51 - 2017-08-01 18:51 - 000745507 _____ (MP3 Players) C:\Users\bewin\AppData\Local\Temp\fox.exe
2017-08-01 18:57 - 2017-08-01 18:57 - 001769378 _____ () C:\Users\bewin\AppData\Local\Temp\FullVersion.exe
2017-08-01 18:51 - 2017-08-01 18:51 - 003707193 _____ () C:\Users\bewin\AppData\Local\Temp\SetupInstallStart.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\moubzzkk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-07-25 18:46
 
==================== End of FRST.txt ============================
 
and heres addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2017 01
Ran by bewin (02-10-2017 21:24:03)
Running from C:\Users\bewin\Downloads
Windows 10 Pro Version 1703 (X64) (2017-05-26 01:38:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
43C6B207DA494612A95E (S-1-5-21-4253875556-2466257819-1923529068-1004 - Limited - Enabled)
Administrator (S-1-5-21-4253875556-2466257819-1923529068-500 - Administrator - Disabled)
bewin (S-1-5-21-4253875556-2466257819-1923529068-1001 - Administrator - Enabled) => C:\Users\bewin
DefaultAccount (S-1-5-21-4253875556-2466257819-1923529068-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4253875556-2466257819-1923529068-1000 - Limited - Disabled) => C:\Users\defaultuser0
F56E3D454645421982C1 (S-1-5-21-4253875556-2466257819-1923529068-1005 - Limited - Enabled)
Guest (S-1-5-21-4253875556-2466257819-1923529068-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AIR Xpand!2 (HKLM\...\{69A89482-FEC4-4E34-97F9-46BB287D0953}) (Version: 12.0.0.615 - AIR Music Technology)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Ashes of the Singularity (HKLM-x32\...\Ashes of the Singularity_is1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Avid Application Manager (HKLM\...\{C3675ABA-A668-4708-A433-5923D2940345}) (Version: 17.3.0.15550 - Avid Technology, Inc.)
Avid Cloud Client Services (HKLM\...\{F9A1CAF7-904F-4542-AD7A-9D2D2E3AA80F}) (Version: 2.1.1.11080 - Avid Technology, Inc.)
Avid Codecs LE (HKLM-x32\...\{C8867EDE-69E9-422C-9E88-80CF5B897C4F}) (Version: 2.7.3.39175 - Avid Technology)
Avid DX 64 Bit Driver (HKLM\...\{8ABA2462-670B-4CCE-A9A1-DCEE06351445}) (Version: 7.0.3 - Avid Technology, Inc.)
Avid DX 64 Bit Driver (HKLM\...\{EF394EA2-D3DE-413A-AE20-3D0763EA5C55}) (Version: 7.0.3.886 - Avid Technology, Inc.)
Avid Effects (HKLM\...\{F53B2C5A-9739-425A-B74C-E8D94DF2EFB5}) (Version: 12.7.1.733 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 12.7.1.733 - Avid Technology, Inc.)
Avid License Control (HKLM-x32\...\{F187D064-F101-4E95-8D05-4027809AA0F8}) (Version: 3.0.1 - Avid Technology, Inc.)
Avid Pro Tools (HKLM\...\{A891857D-07B6-4DE5-BCA5-828FB6CEC392}) (Version: 12.7.1.733 - Avid Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Control Center 5.0001.1.07 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.1.07 - )
Control Center 5.0001.1.07 (HKLM-x32\...\{F6DD51C4-F693-4392-962D-C3A67D800BD2}) (Version: 5.0001.1.07 - Default Company Name) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.5.55.162 - OSToto Co., Ltd.)
E2Deesser (HKLM\...\Eiosis E2Deesser_is1) (Version: 1.0.5.1 - Eiosis)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FG-X (HKLM\...\Slate Digital FG-X_is1) (Version:  - Slate Digital)
First AIR Effects (HKLM\...\{FB2E34B9-90BF-44E1-BC1D-9AE1AC81BB65}) (Version: 12.0.0.615 - AIR Music Technology)
First AIR Instruments (HKLM\...\{71F15787-675A-41AA-98E2-4403383ECF11}) (Version: 12.0.0.615 - AIR Music Technology)
ForHonor (HKLM-x32\...\Uplay Install 569) (Version:  - Ubisoft)
Gobbler (HKLM\...\{49C3123D-9497-434D-A988-A9B389B1E189}) (Version: 2.1.2.246 - Media Gobbler, Inc.) Hidden
Gobbler (HKLM-x32\...\{953c9b39-f945-469d-a0d2-8d1c5fd040f1}) (Version: 2.1.2.246 - Media Gobbler, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
iCloud (HKLM\...\{7464D896-C63C-412E-8ED3-3261C9F14E21}) (Version: 7.0.1.210 - Apple Inc.)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.4 - Insyde Corporation)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM\...\{2DF17C75-9627-4213-8612-17955E92F782}) (Version: 1.6.101.32869 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Killer Performance Suite (HKLM\...\{516B56FD-365A-4CFF-8FB4-1C56EABEC528}) (Version: 1.2.1186 - Rivet Networks)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Napoleon: Total Combat (HKLM-x32\...\Napoleon: Total Combat) (Version:  - )
Napoleon: Total War (HKLM\...\Steam App 34030) (Version:  - The Creative Assembly)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PACE License Support Win64 (HKLM\...\{87AA264E-CB0F-4a31-95D0-409CD02CC72D}) (Version: 3.1.3.1659 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{87AA264E-CB0F-4a31-95D0-409CD02CC72D}) (Version: 3.1.3.1659 - PACE Anti-Piracy, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{b15a4fb5-7637-45ca-b230-33d94af786a7}) (Version: 2.3.0.5383 - GoPro, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8040 - Realtek Semiconductor Corp.)
Repeater (64bit) (HKLM\...\{0B97B038-3123-4D7A-8595-97EBD2FE182B}) (Version: 1.1.2.0 - D16 Group Audio Software)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.2.0 - Rockstar Games)
S-Gear2 (HKLM\...\{6437439F-8D51-4338-91D3-8248C8A95599}) (Version: 2.7.1 - Scuffham Amps)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Sibelius 7.5 (HKLM\...\{BBADBAB3-56A4-444B-834E-D8730B574C3E}) (Version: 7.5.0.164 - Avid Technology)
Sins of a Solar Empire - Rebellion - Ultimate Edition (HKLM-x32\...\1449139823_is1) (Version: 2.0.0.2 - GOG.com)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.18 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.72 - Synaptics Incorporated)
Synaptics WBF USB Fingerprint Reader (HKLM\...\{28303E4F-8C2B-408C-B0C2-7EAA74564665}) (Version: 5.5.204.24 - Synaptics Incorporated)
Thunderbolt™ Software (HKLM-x32\...\{F55C97BF-D9B2-4BB6-B16A-25A621BC50E9}) (Version: 16.2.52.250 - Intel Corporation)
Ultimate Epic Battle Simulator (HKLM\...\Steam App 616560) (Version:  - Brilliant Game Studios)
UMC v3.29.0 (HKLM-x32\...\Software_BEHRINGER_umc_audio_Setup) (Version: 3.29.0 - BEHRINGER)
Uplay (HKLM-x32\...\Uplay) (Version: 29.0 - Ubisoft)
VerbSuite Classics (HKLM\...\Slate Digital VerbSuite Classics_is1) (Version: 1.0.8.3 - Slate Digital)
VerbSuite Classics FG-224 Expansion (HKLM\...\Slate Digital VerbSuite Classics FG-224 Expansion_is1) (Version: 1.0.0.5 - Slate Digital)
VerbSuite Classics FG-3000 & FG-3500 Expansion (HKLM\...\Slate Digital VerbSuite Classics FG-3000 & FG-35~ACE4A30F_is1) (Version: 1.0.0.4 - Slate Digital)
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Virtual Buss Compressors (HKLM\...\Slate Digital Virtual Buss Compressors_is1) (Version: 1.2.11.1 - Slate Digital)
Virtual Tape Machines (HKLM\...\Slate Digital Virtual Tape Machines_is1) (Version: 1.1.13.1 - Slate Digital)
VMR Complete Bundle (HKLM\...\Slate Digital VMR Complete Bundle_is1) (Version: 1.7.3.1 - Slate Digital)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Waves Central 1.3.2.4 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.3.2 - Waves, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warships (HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-09-18] (Apple Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:\Program Files\PowerISO\PWRISOSH.DLL [2017-07-05] (Power Software Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:\Program Files\PowerISO\PWRISOSH.DLL [2017-07-05] (Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:\Program Files\PowerISO\PWRISOSH.DLL [2017-07-05] (Power Software Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03D73D95-A721-464C-892C-B98F5FC640F9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-14] (Intel® Corporation)
Task: {1FE4855E-F596-4A58-910C-2DAA3987A9B1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-27] ()
Task: {29CB3E83-7161-4D28-88C8-7A4A6D3E7BCD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {2D71AA01-7AA7-4423-A8EE-FE6E7A4BB07B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {3390A7B0-8A91-404A-8535-464B679058A5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {3D907486-BB87-4E31-B275-9B7750330826} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {43B48443-50F7-4FCC-8ED1-6992D4D6F88A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {500B1AAE-F95E-4492-A48D-F7A30CD58944} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-07-14] (Apple Inc.)
Task: {61CC6B44-D119-4AF6-8A59-9D5DDBD56038} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {655CF98F-6D7B-4BB0-86DE-13193B873A50} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {6BA06386-032A-4F2F-B7EF-3B564855DD97} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {6CFDEDD3-4A51-420F-A022-13D95FB19BE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {75B8866D-0FDC-4442-A2E9-719775B2CE11} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {78607622-8F02-4EDA-A12B-37A55E236C7B} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {914799CC-2FC0-4B9E-8CDC-498688C25054} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {9CDD6258-E738-4842-892D-CEFE0A8FFA99} - System32\Tasks\33551e01d58263a69a3e55ab02d8fe70 => sc start 33551e01d58263a69a3e55ab02d8fe70 <==== ATTENTION
Task: {B2ECEB5D-6428-47F1-BAA2-E97ADBC0A1EF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {B40387FF-B67D-4E76-B06A-4D30E16284CC} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {BB6B78BF-BAA4-4252-812A-F190BF3316D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C361EB7B-42D0-4998-BD2A-EBD4BB2D4CCE} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-14] (Intel Corporation)
Task: {C8B36F2C-9760-40B9-969B-9D3D7B9B9890} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {D227D729-1836-4981-B18C-AD30FC574464} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {D834BD6C-42BC-4EB5-BFF8-A58D34308691} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-14] (Intel Corporation)
Task: {DF6F70DD-0F09-4BF5-ABD1-FE036B521C32} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-27] ()
Task: {F370A9EE-3495-4465-8B83-FE4903933250} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {F61EAC7E-6B50-43B8-83E6-55D1E99618A0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {FF37A50E-08FA-4A9A-B9EF-7474A1313D71} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-27] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-07 23:14 - 2017-06-21 03:07 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-18 00:00 - 2016-10-18 00:00 - 000107752 _____ () C:\Program Files\Intel\Intel® Online Connect Access\libglog.dll
2016-10-18 00:00 - 2016-10-18 00:00 - 000412904 _____ () C:\Program Files\Intel\Intel® Online Connect Access\JsonCpp.dll
2017-03-07 23:42 - 2016-11-29 20:36 - 000008192 _____ () C:\Program Files (x86)\Hotkey\rerun.exe
2017-08-01 19:02 - 2017-08-01 19:02 - 002768896 ____N () C:\WINDOWS\SYSTEM32\MSFATHB.EXE
2016-11-01 21:18 - 2016-11-01 21:18 - 000253664 _____ () C:\Program Files\Intel\Intel® Online Connect\CSLibWrapper.dll
2017-02-02 14:55 - 2017-02-02 14:55 - 002235144 _____ () C:\Program Files\Avid\Cloud Client Services\Hub.exe
2017-02-02 13:44 - 2017-02-02 13:44 - 000098304 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\PXF\PXFPlugin.acf
2017-02-02 13:46 - 2017-02-02 13:46 - 000353032 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\PXF\MOG_Framework_2.2.16_vc9.dll
2017-02-02 14:37 - 2017-02-02 14:37 - 001729024 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\TransportCog.acf
2017-02-02 14:41 - 2017-02-02 14:41 - 002025472 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\ProjectSyncInterfaceCog.acf
2017-02-02 14:39 - 2017-02-02 14:39 - 002650112 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\ProjectSyncCog.acf
2017-02-02 14:35 - 2017-02-02 14:35 - 004329472 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\NetworkInterfaceCog.acf
2017-02-02 14:42 - 2017-02-02 14:42 - 001660928 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\FileMgrCog.acf
2017-02-02 14:43 - 2017-02-02 14:43 - 001985536 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\CompressionCog.acf
2017-02-02 14:38 - 2017-02-02 14:38 - 001996288 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AvidAssetInterfaceCog.acf
2017-02-02 14:36 - 2017-02-02 14:36 - 004327424 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AvidAssetCog.acf
2017-02-02 14:41 - 2017-02-02 14:41 - 002070016 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AssetDeliveryInterfaceCog.acf
2017-02-02 14:45 - 2017-02-02 14:45 - 004846592 _____ () C:\Program Files\Avid\Cloud Client Services\avx2_plug-ins\AssetDeliveryCog.acf
2017-03-16 17:15 - 2017-03-16 17:15 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2017-05-25 21:32 - 2017-05-01 16:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-22 00:31 - 2017-09-27 21:32 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-27 23:53 - 2017-08-27 23:53 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-27 23:53 - 2017-08-27 23:53 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-27 23:53 - 2017-08-27 23:53 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-27 23:53 - 2017-08-27 23:53 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-01 19:34 - 2017-07-25 03:42 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libglesv2.dll
2017-08-01 19:34 - 2017-07-25 03:42 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libegl.dll
2017-03-08 00:03 - 2015-07-31 21:34 - 000089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2017-03-08 00:03 - 2015-07-31 21:33 - 000366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2017-03-16 17:15 - 2017-03-16 17:15 - 000866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2017-04-08 18:01 - 2015-12-08 11:21 - 000383488 _____ () C:\Program Files\BEHRINGER\UMC_Audio_Driver\UMCAudioCplApp.exe
2017-09-27 13:16 - 2017-09-27 13:16 - 000914944 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-08-01 19:13 - 2017-09-27 13:16 - 001087488 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-10-01 15:11 - 2017-10-01 15:11 - 000186544 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2017-10-01 15:11 - 2017-10-01 15:11 - 000263344 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2017-10-01 15:11 - 2017-10-01 15:11 - 000169648 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2017-10-01 15:11 - 2017-10-01 15:11 - 000172208 _____ () c:\program files (x86)\ostotosoft\drivertalent\DtlPlug.dll
2017-10-01 15:11 - 2017-10-01 15:11 - 000111280 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2017-10-01 15:11 - 2017-10-01 15:11 - 000123568 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-11-08 23:40 - 2016-11-08 23:40 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-03-07 23:14 - 2017-06-21 03:07 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-04-08 18:01 - 2015-12-08 11:20 - 000228352 _____ () C:\Program Files\BEHRINGER\UMC_Audio_Driver\umc_audioapi.dll
2017-08-01 19:13 - 2017-09-27 13:16 - 053460480 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2017-08-01 19:13 - 2017-09-27 13:16 - 001976832 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2017-08-01 19:13 - 2017-09-27 13:16 - 000075264 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2017-08-01 19:13 - 2017-09-27 13:16 - 017599640 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:F74777951FEDB083 [217]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mptpdspp.sys:changelist [1066]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wmciwytq.sys:changelist [1066]
AlternateDataStreams: C:\Users\All Users:F74777951FEDB083 [217]
AlternateDataStreams: C:\ProgramData\Application Data:F74777951FEDB083 [217]
AlternateDataStreams: C:\ProgramData\PACE:00A1C332BC410A49 [217]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-10-01 15:38 - 2017-10-01 15:38 - 000001056 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
0.0.0.0 keystone.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Hotkey.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Avid Application Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Killer Control Center.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\StartupApproved\Run: => "GobblerTray"
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{65F19E53-025C-4738-9E18-4FB60265FAF8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BFBCA85D-40FA-4ABB-8CAD-8341DCD31CDF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A6457A5B-EDBF-439E-8B84-42554C9F9E99}] => (Allow) LPort=1900
FirewallRules: [{AC50B82E-920B-4407-AD4A-6F829F5427E2}] => (Allow) LPort=2869
FirewallRules: [{B4494501-0267-4C6E-BD75-A66DB6804553}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{88383837-AF21-4EFD-AC2A-9C7401549E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{48356FF7-3A8F-481B-B8E2-FF3BA2F24446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{FBB08CFB-9866-409C-9D2E-6BF95FC11097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS-Beta.exe
FirewallRules: [{83815AB8-1F0B-4ADC-80F0-8B528F62ABE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS-Beta.exe
FirewallRules: [UDP Query User{54A7ECB6-329A-4BA4-88C8-064F376A2DAC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A4439A18-0460-4292-A1A6-C1FC216FC267}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{2530C78C-70D6-44B9-B052-619D5B1E0B9B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{1E5FCAA6-3394-4FF3-9F4C-4C71D209C127}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{3EA194D4-6BC0-4D03-AD83-065EB848A8F4}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{E9F113C1-21EF-49F4-8320-0D2442D318EE}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{6403DCEF-A277-4BC2-A587-7C76B002C71D}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{A2D99151-A635-40E5-81EA-D249C33CA434}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{780E7739-4829-427D-BE8A-816547DBF325}] => (Block) %ProgramFiles% (x86)\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{70B0C51D-91B7-4701-894B-60717E42B85D}] => (Block) %ProgramFiles% (x86)\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{B62AE1C4-45D9-4708-B38A-0FA049B442EE}] => (Block) %ProgramFiles% (x86)\Avid\Sibelius 7.5\Sibelius.exe
FirewallRules: [{21D48624-5D60-4BB7-B6EE-EE388FD77C9B}] => (Block) %ProgramFiles% (x86)\Avid\Sibelius 7.5\Sibelius.exe
FirewallRules: [UDP Query User{FD6CD915-D49E-4CBC-8527-732BB9DA46B6}C:\users\bewin\appdata\roaming\utorrent\updates\3.4.9_43388.exe] => (Allow) C:\users\bewin\appdata\roaming\utorrent\updates\3.4.9_43388.exe
FirewallRules: [TCP Query User{E4CBAB7A-170B-4AEB-9B9A-0004A7520069}C:\users\bewin\appdata\roaming\utorrent\updates\3.4.9_43388.exe] => (Allow) C:\users\bewin\appdata\roaming\utorrent\updates\3.4.9_43388.exe
FirewallRules: [{B6358691-C1E2-44DF-A652-E73AE4C6A830}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{0BB2EC31-9C83-4510-BB3D-0C74B685F0D8}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{EDADC559-DF72-45CF-AB1A-7D6E0649A765}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [UDP Query User{B3E442B5-E86D-4B6D-8218-1C42FB558CAD}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [TCP Query User{4FC00475-AE2D-449E-A98F-F810BD8780AE}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [{61DDEEA5-2FBA-4E5A-B4E2-59455160803D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{AF2E7597-0DEB-4AA3-8619-06384D21E711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{01AD0173-E301-44D6-B11E-29BC603D6223}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{20BF3CC5-ADEB-44D7-AE38-94E605F0B761}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{131AEB44-1DBC-4C02-A26F-D814352D199E}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E0D6152-1B07-4C4B-BBCD-A038C7287F79}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6855A35B-D319-4077-82DB-03607E59EFA8}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{475CC6FE-6B54-4907-A9A7-0373B7EF5A5D}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C899314A-67D9-4588-ACD9-1DAEB5C8E29E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E12B69D-2146-4040-A145-9DBFB8F6F047}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1E936C0-FCC0-4441-AA62-04E3F724BE20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03B6B3ED-A50C-43DF-AAF0-68793BFE080C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0FDB9BE-90DA-44BC-8DDD-A07560E82BAD}] => (Allow) C:\Program Files\Avid\Pro Tools\ProTools.exe
FirewallRules: [{D8542BCE-2177-49AE-9A8D-F1E1E558E7F5}] => (Allow) C:\Program Files\Avid\Pro Tools\AvidVideoEngine.exe
FirewallRules: [{3EE177B1-8562-4024-9ECF-36BA598C3EFA}] => (Allow) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
FirewallRules: [{8D9449E7-BF89-4283-A9DA-E3529706B4DA}] => (Allow) C:\Program Files\Avid\Cloud Client Services\Hub.exe
FirewallRules: [{B26C971A-9C6E-4BC0-BDFA-BB11C662AC01}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E4AB7453-4DC0-4E57-ADF9-0CBCDF273F95}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{263C969A-BD11-4226-8CE5-84160B6722EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D603C0AE-A21A-40DC-BD69-BB79855EE03A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C9921C04-0E87-47C7-8B3F-83166C1119DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE775C2F-5894-4411-B0A2-483452A98FE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{42415711-A3C1-4538-ACD8-BF6718AC0EFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6ED4BF90-05F9-4E58-BBA8-A4AB589614BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{31585EAF-8545-4A9F-A5EF-910EA9E743D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{38BF231B-6781-476A-9EA3-0A96649CB4A7}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{0889898B-8BAF-4B90-A861-EDF3C2531C18}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [{189FB8AF-F166-4BA3-A5D4-3F9D1D1DBD2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS.exe
FirewallRules: [{69D819F2-2AE9-454D-8B60-A86DABC21B8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS.exe
FirewallRules: [{0B925070-D034-4AF3-B32A-D5C1E7D8492D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [{03092ED1-3E34-4E3C-861A-6BE03985A901}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{CBEE0D58-F2FC-4FC9-930B-7B9B2451D47D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{B6513784-8FA4-4472-9471-645057386128}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{7BA3EC5E-D1BA-489C-8CEC-89F4D33B2D53}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3863F736-F760-43D5-909E-E4F8D7B54142}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{AA473B8D-62B8-45F6-BE8F-C1A92AB48E29}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{72DD5F15-7C1B-4ADC-A265-C6126F2C8505}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CFC560EB-FE46-4748-80DD-9ADE2090703C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{1A7745C2-8748-4177-8823-80672FD23EE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{5D309D93-C0BA-471A-ABCD-3AF3ABE48A6B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{635B61C6-93C6-4848-B0EE-BBE74B758257}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{AFF9157D-50D5-4B04-9E60-A84A97BB982F}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{7EF6302C-EA0D-4A22-8319-E25B0420EBAF}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{D38CD2BF-7B27-4749-A34E-E8359E8B019E}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E37F5B11-BCF3-4E5E-A294-4D24AA87055B}] => (Allow) C:\Users\bewin\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Restore Points =========================
 
18-09-2017 16:18:54 Windows Update
21-09-2017 13:18:34 Installed Control Center 5.0001.1.07
24-09-2017 11:30:41 Removed Sibelius 7.5.
26-09-2017 20:06:22 Installed Control Center 5.0001.1.07
01-10-2017 15:19:42 IIF_MSI
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2017 08:52:58 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.
 
Error: (10/02/2017 08:52:58 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.
 
Error: (10/02/2017 07:59:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x3024
Faulting application start time: 0x01d33bda50a0f277
Faulting application path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 52969ed8-a829-4c89-a208-75f3aecd1582
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/02/2017 07:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x2eb8
Faulting application start time: 0x01d33bd8c0042ac7
Faulting application path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 52265d33-c06d-4b9c-956e-15842d14f0ab
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/02/2017 07:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x00180814
Faulting process id: 0x37c4
Faulting application start time: 0x01d33bd4fca43b33
Faulting application path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: df1006f0-c237-43c1-9d1e-fd9461fe7b62
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/02/2017 07:11:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0xf60
Faulting application start time: 0x01d33bd390e85636
Faulting application path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 0fbcbecf-56c5-4900-b552-897a369c3708
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/02/2017 07:10:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x011fae1b
Faulting process id: 0x1e8c
Faulting application start time: 0x01d33bd375af51ae
Faulting application path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 10f9734a-40e0-42f0-8381-68a646972c54
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/02/2017 07:05:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 2.A.2.1.B.D.6.4.9.D.7.C.C.8.9.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Ben-laptop-2.local.
 
Error: (10/02/2017 07:05:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.152:5353   18 2.A.2.1.B.D.6.4.9.D.7.C.C.8.9.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Ben-laptop.local.
 
Error: (10/02/2017 07:05:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 A.F.B.D.4.0.E.6.6.3.9.4.4.A.4.9.8.9.7.0.0.0.1.0.5.8.9.0.1.0.6.2.ip6.arpa. PTR Ben-laptop-2.local.
 
 
System errors:
=============
Error: (10/02/2017 08:56:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/02/2017 08:56:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/02/2017 07:06:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (10/02/2017 07:05:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/02/2017 07:03:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/02/2017 07:03:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/02/2017 07:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
The requested resource is in use.
 
Error: (10/02/2017 07:03:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (10/02/2017 07:03:37 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2147942402.
 
Error: (10/02/2017 07:03:37 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 408) (User: NT AUTHORITY)
Description: Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-26 11:58:25.396
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-18 16:34:14.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 16:34:14.339
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 16:16:07.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 16:16:07.078
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 14:06:46.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 14:06:46.357
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 13:21:30.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-18 13:21:30.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-17 23:12:38.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 16%
Total physical RAM: 32686.03 MB
Available physical RAM: 27281.65 MB
Total Virtual: 37550.03 MB
Available Virtual: 31579.6 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930 GB) (Free:537.09 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:722.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AA80410F)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AA804118)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
JSntgRvr
Posted 02 October 2017 - 07:37 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

The computer is infected with the Smart Service rootkit. Lets start by running an anti rootkit.

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select AVOiBNU.jpgRun as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 


  • 0

#5
JSntgRvr
Posted 02 October 2017 - 07:59 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

We are under a Hurricane Emergency. Must sign-off. Will check on you tomorrow. Let that program run unhindered. Sometimes it may take a while.


  • 0

#6
Ben2431
Posted 02 October 2017 - 09:39 PM

Ben2431

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

The logs were to long to paste on here so i upploaded them to a google drive folder here is the link to view the logs 

 

https://drive.google...TGhkdFQ3QmZFajg

 

Also just as an update I can now run and install anti virus programs however, taskmanager still close instantly after opening


Edited by Ben2431, 02 October 2017 - 09:42 PM.

  • 0

#7
JSntgRvr
Posted 03 October 2017 - 03:43 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
  • Highlight the entire content of the quote box below.

Start::
Startregedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcw]
"Start"=dword:00000000
EndRegedit:  
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S1 dclbazuy; \??\C:\WINDOWS\system32\drivers\dclbazuy.sys [X]
S1 egxrbiww; \??\C:\WINDOWS\system32\drivers\egxrbiww.sys [X]
S1 pmiiysup; \??\C:\WINDOWS\system32\drivers\pmiiysup.sys [X]
S1 tpoekcdv; \??\C:\WINDOWS\system32\drivers\tpoekcdv.sys [X]
S1 twetnwtq; \??\C:\WINDOWS\system32\drivers\twetnwtq.sys [X]
S1 ztsxugpp; \??\C:\WINDOWS\system32\drivers\ztsxugpp.sys [X]
FirewallRules: [{A6457A5B-EDBF-439E-8B84-42554C9F9E99}] => (Allow) LPort=1900
FirewallRules: [{AC50B82E-920B-4407-AD4A-6F829F5427E2}] => (Allow) LPort=2869
HKLM-x32\...\Run: [svcvmx] => C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-27] () <==== ATTENTION
C:\WINDOWS\system32\drivers\moubzzkk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
Task: {9CDD6258-E738-4842-892D-CEFE0A8FFA99} - System32\Tasks\33551e01d58263a69a3e55ab02d8fe70 => sc start 33551e01d58263a69a3e55ab02d8fe70 <==== ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
C:\Users\bewin\AppData\Local\ntuserlitelist
2017-09-27 13:16 - 2017-09-27 13:16 - 000914944 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist
2017-08-01 18:51 - 2017-08-01 18:51 - 000745507 _____ (MP3 Players) C:\Users\bewin\AppData\Local\Temp\fox.exe
2017-08-01 18:57 - 2017-08-01 18:57 - 001769378 _____ () C:\Users\bewin\AppData\Local\Temp\FullVersion.exe
2017-08-01 18:51 - 2017-08-01 18:51 - 003707193 _____ () C:\Users\bewin\AppData\Local\Temp\SetupInstallStart.exe
2017-08-01 19:02 - 2017-08-01 19:02 - 002768896 ____N () C:\WINDOWS\SYSTEM32\MSFATHB.EXE
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

65MBhLLb.png


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

adwcleaner_delete_restart.jpg


  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#8
Ben2431
Posted 03 October 2017 - 10:04 PM

Ben2431

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

After running all of these programs i tried opening task manager and I can now open and use task manger 

 

 

Here is the FRST fix.log

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-10-2017 01
Ran by bewin (03-10-2017 23:52:07) Run:2
Running from C:\Users\bewin\Downloads
Loaded Profiles: bewin (Available Profiles: defaultuser0 & bewin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Startregedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcw]
"Start"=dword:00000000
EndRegedit:  
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S1 dclbazuy; \??\C:\WINDOWS\system32\drivers\dclbazuy.sys [X]
S1 egxrbiww; \??\C:\WINDOWS\system32\drivers\egxrbiww.sys [X]
S1 pmiiysup; \??\C:\WINDOWS\system32\drivers\pmiiysup.sys [X]
S1 tpoekcdv; \??\C:\WINDOWS\system32\drivers\tpoekcdv.sys [X]
S1 twetnwtq; \??\C:\WINDOWS\system32\drivers\twetnwtq.sys [X]
S1 ztsxugpp; \??\C:\WINDOWS\system32\drivers\ztsxugpp.sys [X]
FirewallRules: [{A6457A5B-EDBF-439E-8B84-42554C9F9E99}] => (Allow) LPort=1900
FirewallRules: [{AC50B82E-920B-4407-AD4A-6F829F5427E2}] => (Allow) LPort=2869
HKLM-x32\...\Run: [svcvmx] => C:\Users\bewin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914944 2017-09-27] () <==== ATTENTION
C:\WINDOWS\system32\drivers\moubzzkk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
Task: {9CDD6258-E738-4842-892D-CEFE0A8FFA99} - System32\Tasks\33551e01d58263a69a3e55ab02d8fe70 => sc start 33551e01d58263a69a3e55ab02d8fe70 <==== ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\bewin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
C:\Users\bewin\AppData\Local\ntuserlitelist
2017-09-27 13:16 - 2017-09-27 13:16 - 000914944 _____ () C:\Users\bewin\AppData\Local\ntuserlitelist
2017-08-01 18:51 - 2017-08-01 18:51 - 000745507 _____ (MP3 Players) C:\Users\bewin\AppData\Local\Temp\fox.exe
2017-08-01 18:57 - 2017-08-01 18:57 - 001769378 _____ () C:\Users\bewin\AppData\Local\Temp\FullVersion.exe
2017-08-01 18:51 - 2017-08-01 18:51 - 003707193 _____ () C:\Users\bewin\AppData\Local\Temp\SetupInstallStart.exe
2017-08-01 19:02 - 2017-08-01 19:02 - 002768896 ____N () C:\WINDOWS\SYSTEM32\MSFATHB.EXE
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
 
====> Registry
gupdate => service not found.
gupdatem => service not found.
dclbazuy => service not found.
egxrbiww => service not found.
pmiiysup => service not found.
tpoekcdv => service not found.
twetnwtq => service not found.
ztsxugpp => service not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6457A5B-EDBF-439E-8B84-42554C9F9E99} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC50B82E-920B-4407-AD4A-6F829F5427E2} => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value not found.
"C:\WINDOWS\system32\drivers\moubzzkk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found.
"C:\WINDOWS\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9CDD6258-E738-4842-892D-CEFE0A8FFA99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CDD6258-E738-4842-892D-CEFE0A8FFA99} => key removed successfully
C:\WINDOWS\System32\Tasks\33551e01d58263a69a3e55ab02d8fe70 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\33551e01d58263a69a3e55ab02d8fe70 => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\livecall => key removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\msnim => key removed successfully
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found. 
"C:\Users\bewin\AppData\Local\ntuserlitelist" => not found.
"C:\Users\bewin\AppData\Local\ntuserlitelist" => not found.
C:\Users\bewin\AppData\Local\Temp\fox.exe => moved successfully
C:\Users\bewin\AppData\Local\Temp\FullVersion.exe => moved successfully
C:\Users\bewin\AppData\Local\Temp\SetupInstallStart.exe => moved successfully
"C:\WINDOWS\SYSTEM32\MSFATHB.EXE" => not found.
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4253875556-2466257819-1923529068-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88205179 B
Java, Flash, Steam htmlcache => 341640551 B
Windows/system/drivers => 246867772 B
Edge => 10825108 B
Chrome => 758286580 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1131435 B
systemprofile32 => 128 B
LocalService => 35096 B
NetworkService => 615600 B
defaultuser0 => 0 B
bewin => 983119657 B
 
RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:53:11 ====
 
Heres the jrt log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64 
Ran by bewin (Administrator) on Tue 10/03/2017 at 23:57:39.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/03/2017 at 23:58:59.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
and heres the adware log
 
# AdwCleaner 7.0.3.0 - Logfile created on Wed Oct 04 04:01:58 2017
# Updated on 2017/28/09 by Malwarebytes 
# Database: 09-27-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [3755 B] - [2017/8/28 4:28:15]
C:/AdwCleaner/AdwCleaner[S0].txt - [4048 B] - [2017/8/28 4:26:5]
C:/AdwCleaner/AdwCleaner[S1].txt - [1108 B] - [2017/10/3 4:3:44]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
 
 

Edited by Ben2431, 03 October 2017 - 10:07 PM.

  • 0

#9
JSntgRvr
Posted 05 October 2017 - 03:09 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Very nice. How is the computer doing? How about the task manager?


  • 0

#10
Ben2431
Posted 09 October 2017 - 01:59 PM

Ben2431

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

task manager is working just fine now and I do not seem to have any more problems at all. Thank you so much for all your help!


  • 0

#11
JSntgRvr
Posted 09 October 2017 - 02:56 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

You are welcome. :)

 

Use this programs to remove our tools and their quarantine.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
    delfix.jpg
    .
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep your antivirus active and updated.

 

Best regards. :)


  • 0

#12
JSntgRvr
Posted 09 October 2017 - 02:57 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP