Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I got a Trojan Dropper [Closed]


  • This topic is locked This topic is locked

#1
Eldon123

Eldon123

    Member

  • Member
  • PipPip
  • 12 posts

I decided to run a scan on malwarebytes today and it detected something called a Trojan Dropper I removed it with malwarebytes but I'm not sure if it put anything else on my pc. If you could please help me check my pc and make sure that nothing else is lingering on it that could potentially cause problems for me later on that would be great!


  • 0

Advertisements


#2
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 981 posts

Hi Eldon123, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
---------------------------------------------------
  • Open Malwarebytes. From the Dashboard, select Reports, then check the box next to the newest report and select View Reports.
  • When the report opens, click Export > Text file. Save the file to your desktop as mbam.txt
  • Open mbam.txt on your desktop and copy/paste its contents into your reply.
---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Double-click FRST.exe/FRST64.exe to run it. When the tool opens click Yes to the disclaimer.
  • Make sure that under Optional Scans, the Addition.txt box is checked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

  • 0

#3
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/19/19
Scan Time: 3:20 PM
Log File: 1aedc43c-92d8-11e9-b9c5-7c67a20c4fd5.json
 
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11144
License: Free
 
-System Information-
OS: Windows 10 (Build 17134.829)
CPU: x64
File System: NTFS
User: DESKTOP-LBHF8BQ\Dohnovan
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277303
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 7 min, 30 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Trojan.Dropper.SFX, C:\USERS\DOHNOVAN\DOWNLOADS\WINRAR-X64-550.EXE, Quarantined, [6099], [698392],1.0.11144
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019
Ran by Dohnovan (administrator) on DESKTOP-LBHF8BQ (Micro-Star International Co., Ltd MS-7A38) (19-06-2019 20:31:01)
Running from C:\Users\Dohnovan\Downloads
Loaded Profiles: Dohnovan (Available Profiles: Dohnovan)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1904.42.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atiesrxx.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.305\Discord.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Dohnovan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Zemana D.O.O. Sarajevo -> Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana D.O.O. Sarajevo -> Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-06-22] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [911752 2019-06-19] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [BitTorrent] => C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe [1989824 2018-10-30] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3482864 2019-06-03] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3482864 2019-06-03] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-12-09]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0928E190-F287-4F5C-B4C2-C91EBEF0A617} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-06-19] (Nota Inc. -> Nota Inc.)
Task: {0B749559-7623-4606-A7A8-CF69B7571B3F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [462288 2018-11-15] (Bitdefender SRL -> Bitdefender)
Task: {2DB6A846-C084-4720-8225-CFEBE228F0EC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208896 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {3584292A-FACC-4A29-B2C5-58AF2D11B38C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26167288 2019-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DAF5E5A-9F1A-42AC-957C-C1DA521DCF24} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-01-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3EAC682A-B39A-4C2D-972C-BC1CE5E263F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {568E4EEF-5E99-4C66-B8E9-DA74BFF2DCA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {5E426AEE-B299-453C-9604-22F9438F870C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208896 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6BEB3D48-367A-4CA9-9A3B-0B6A52AD1D37} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149528 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D175ED4-61FE-450C-9073-38242E442B00} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-06-19] (Nota Inc. -> Nota Inc.)
Task: {7D484749-46DF-40A9-AF50-007BE595726C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {9157B7DD-4D37-4D47-8035-C35001789655} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-01-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B533BBCE-B862-4117-9D7A-B16434B52777} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26167288 2019-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D92CE4D5-8B16-463B-AECA-C37457464FEB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149528 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F61CA315-F858-40A7-9969-3068F2714868} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1a8f5a04-83c8-490b-b4bc-64e8c2c6fd6d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1cd6b0cf-5059-4ef2-9609-a8d02c0c81b4}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{3c01823b-a919-4197-a2ce-b7ef6cd5d03a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{57a5de9c-d2e2-48be-96b9-44b1389dcc84}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8f09853e-c450-47d3-b7bc-5aedbe848278}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{dad6bf82-733a-495c-84a7-154afa6ad446}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e0510115-42dc-46d8-842a-cc54eeda8aa9}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_neutral__d55gg7py3s0m0 [2019-04-30]
Edge Extension: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.1.3.0_neutral__m055xr0c82818 [2019-06-04]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default [2019-06-19]
CHR Extension: (Slides) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14]
CHR Extension: (Docs) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14]
CHR Extension: (Google Drive) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-25]
CHR Extension: (YouTube) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-19]
CHR Extension: (Sheets) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atiesrxx.exe [481768 2018-01-18] (Advanced Micro Devices, Inc. -> AMD)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-05-28] (Bitdefender SRL -> Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-17] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146224 2019-06-06] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-06-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4544456 2019-06-19] (SurfRight B.V. -> SurfRight B.V.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2019-02-21] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [287472 2019-06-02] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2019-05-31] (Razer USA Ltd. -> Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-05-28] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [238376 2019-05-28] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-05-28] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atikmdag.sys [41703912 2018-01-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0322990.inf_amd64_06c9aec2ef966091\atikmpag.sys [546280 2018-01-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [93240 2017-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [33336 2017-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1551768 2019-05-28] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [395728 2019-05-14] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [298488 2019-05-28] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [374632 2018-11-19] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2019-05-14] (Bitdefender SRL -> BitDefender LLC)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [315800 2019-06-19] (SurfRight B.V. -> SurfRight B.V.)
S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [113160 2016-11-04] (Intel® NVMe Windows Driver -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [253696 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-19] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8717808 2018-05-21] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [51696 2018-04-22] (Razer USA Ltd. -> Razer Inc)
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-01] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [611152 2019-05-28] (Bitdefender SRL -> Bitdefender)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-06-19] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-19] (Zemana Ltd. -> Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-19 20:31 - 2019-06-19 20:32 - 000031923 _____ C:\Users\Dohnovan\Downloads\FRST.txt
2019-06-19 20:30 - 2019-06-19 20:31 - 000000000 ____D C:\FRST
2019-06-19 20:29 - 2019-06-19 20:29 - 002418688 _____ (Farbar) C:\Users\Dohnovan\Downloads\FRST64.exe
2019-06-19 16:17 - 2019-06-19 16:17 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-19 16:17 - 2019-06-19 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-19 16:16 - 2019-06-19 16:16 - 003145336 _____ (Alexander Roshal) C:\Users\Dohnovan\Downloads\winrar-x64-571.exe
2019-06-19 16:03 - 2019-06-19 16:03 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-19 15:56 - 2019-06-19 15:56 - 001955784 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2019-06-19 15:56 - 2019-06-19 15:56 - 001034696 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2019-06-19 15:54 - 2019-06-19 20:30 - 000000000 ____D C:\WINDOWS\CryptoGuard
2019-06-19 15:54 - 2019-06-19 16:03 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2019-06-19 15:54 - 2019-06-19 16:02 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2019-06-19 15:54 - 2019-06-19 15:56 - 000315800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2019-06-19 15:54 - 2019-06-19 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2019-06-19 15:53 - 2019-06-19 15:53 - 004461704 _____ (SurfRight B.V.) C:\Users\Dohnovan\Downloads\hmpalert3.exe
2019-06-19 15:49 - 2019-06-19 16:33 - 000000000 ____D C:\ProgramData\HitmanPro
2019-06-19 15:49 - 2019-06-19 15:49 - 010960168 _____ (SurfRight B.V.) C:\Users\Dohnovan\Downloads\HitmanPro (1).exe
2019-06-19 15:48 - 2019-06-19 20:32 - 000554637 _____ C:\WINDOWS\ZAM.krnl.trace
2019-06-19 15:48 - 2019-06-19 20:32 - 000097441 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-06-19 15:48 - 2019-06-19 15:48 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-06-19 15:48 - 2019-06-19 15:48 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2019-06-19 15:48 - 2019-06-19 15:48 - 000001224 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2019-06-19 15:48 - 2019-06-19 15:48 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Zemana
2019-06-19 15:48 - 2019-06-19 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-06-19 15:48 - 2019-06-19 15:48 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2019-06-19 15:47 - 2019-06-19 15:47 - 012946608 _____ (Zemana Ltd. ) C:\Users\Dohnovan\Downloads\Zemana.AntiMalware.Setup.exe
2019-06-19 15:40 - 2019-06-19 15:40 - 000001312 _____ C:\Users\Dohnovan\Desktop\Mbam.txt.txt
2019-06-19 12:59 - 2019-06-19 12:59 - 000001073 _____ C:\Users\Public\Desktop\Gyazo Replay.lnk
2019-06-19 10:56 - 2019-06-19 10:56 - 000000000 ____D C:\Program Files\UNP
2019-06-14 03:07 - 2019-06-19 16:08 - 000000000 ____D C:\Users\Dohnovan\AppData\LocalLow\BitTorrent
2019-06-13 14:14 - 2019-06-13 14:14 - 000019680 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_242340567693922.dll
2019-06-13 02:11 - 2019-06-13 02:11 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\EasyAntiCheat
2019-06-13 02:11 - 2019-06-13 02:11 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-06-12 21:29 - 2019-06-12 21:29 - 000000222 _____ C:\Users\Dohnovan\Desktop\Paladins.url
2019-06-12 06:39 - 2019-06-07 05:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 06:39 - 2019-06-07 05:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 06:39 - 2019-06-07 04:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 06:39 - 2019-06-07 04:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 06:39 - 2019-06-07 04:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 06:39 - 2019-06-07 04:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 06:39 - 2019-06-07 04:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 06:39 - 2019-06-07 04:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 06:39 - 2019-06-07 04:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 06:39 - 2019-06-07 04:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 06:39 - 2019-06-07 04:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 06:39 - 2019-06-07 04:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 06:39 - 2019-06-07 04:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 06:39 - 2019-06-07 04:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 06:39 - 2019-06-07 04:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 06:39 - 2019-06-07 04:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 06:39 - 2019-06-07 00:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 06:39 - 2019-06-07 00:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 06:39 - 2019-06-06 23:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 06:39 - 2019-06-06 23:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 06:39 - 2019-06-06 23:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 06:39 - 2019-06-06 23:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 06:39 - 2019-06-06 23:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 06:39 - 2019-06-06 23:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 06:39 - 2019-06-06 23:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 06:39 - 2019-06-06 23:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 06:39 - 2019-06-06 23:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 06:39 - 2019-06-06 23:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 06:39 - 2019-06-06 23:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 06:39 - 2019-06-06 23:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 06:39 - 2019-06-06 23:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 06:39 - 2019-06-06 23:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 06:39 - 2019-06-06 23:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 06:39 - 2019-06-06 23:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 06:39 - 2019-06-06 23:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 06:39 - 2019-06-06 23:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 06:39 - 2019-06-06 23:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 06:39 - 2019-06-06 23:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 06:39 - 2019-06-06 23:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 06:39 - 2019-06-06 23:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 06:39 - 2019-06-06 23:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 06:39 - 2019-06-06 23:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 06:39 - 2019-06-06 23:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 06:39 - 2019-06-06 23:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 06:39 - 2019-06-06 23:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 06:39 - 2019-06-06 23:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 06:39 - 2019-06-06 23:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 06:39 - 2019-06-06 23:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 06:39 - 2019-06-06 23:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 06:39 - 2019-06-06 23:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 06:39 - 2019-06-06 23:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 06:39 - 2019-06-06 23:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 06:39 - 2019-06-06 23:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 06:39 - 2019-06-06 23:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 06:39 - 2019-06-06 23:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 06:39 - 2019-06-06 23:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 06:39 - 2019-06-06 23:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 06:39 - 2019-06-06 23:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 06:39 - 2019-06-06 23:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 06:39 - 2019-06-06 23:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 06:39 - 2019-06-06 23:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 06:39 - 2019-06-06 23:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 06:39 - 2019-06-06 23:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 06:39 - 2019-06-06 23:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 06:39 - 2019-06-06 23:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 06:39 - 2019-06-06 23:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 06:39 - 2019-06-06 23:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 06:39 - 2019-06-06 23:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 06:39 - 2019-06-06 23:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 06:39 - 2019-06-06 23:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 06:39 - 2019-06-06 23:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 06:39 - 2019-06-06 23:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 06:39 - 2019-06-06 23:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 06:39 - 2019-06-06 23:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 06:39 - 2019-06-06 23:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 06:39 - 2019-06-06 23:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 06:39 - 2019-05-18 16:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 06:39 - 2019-05-18 16:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 06:39 - 2019-05-18 16:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 06:39 - 2019-05-18 16:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 06:39 - 2019-05-17 06:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 06:39 - 2019-05-17 06:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 06:39 - 2019-05-17 06:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 06:39 - 2019-05-17 06:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 06:39 - 2019-05-17 06:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 06:39 - 2019-05-17 06:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 06:39 - 2019-05-17 06:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 06:39 - 2019-05-17 06:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 06:39 - 2019-05-17 06:24 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2019-06-12 06:39 - 2019-05-17 06:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 06:39 - 2019-05-17 06:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 06:39 - 2019-05-17 06:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 06:39 - 2019-05-17 06:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 06:39 - 2019-05-17 06:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 06:39 - 2019-05-17 06:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 06:39 - 2019-05-17 06:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 06:39 - 2019-05-17 06:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 06:39 - 2019-05-17 06:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 06:39 - 2019-05-17 06:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 06:39 - 2019-05-17 05:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 06:39 - 2019-05-17 05:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 06:39 - 2019-05-17 05:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 06:39 - 2019-05-17 05:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 06:39 - 2019-05-17 05:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 06:39 - 2019-05-17 05:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 06:39 - 2019-05-17 05:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 06:39 - 2019-05-17 03:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 06:39 - 2019-05-17 02:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 06:39 - 2019-05-17 01:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 06:39 - 2019-05-17 00:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 06:39 - 2019-05-17 00:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 06:39 - 2019-05-17 00:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 06:39 - 2019-05-17 00:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 06:39 - 2019-05-17 00:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 06:39 - 2019-05-17 00:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 06:39 - 2019-05-17 00:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 06:39 - 2019-05-17 00:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 06:39 - 2019-05-17 00:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 06:39 - 2019-05-17 00:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 06:39 - 2019-05-17 00:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 06:39 - 2019-05-17 00:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 06:39 - 2019-05-17 00:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 06:39 - 2019-05-17 00:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 06:39 - 2019-05-17 00:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 06:39 - 2019-05-17 00:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 06:39 - 2019-05-17 00:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 06:39 - 2019-05-17 00:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 06:39 - 2019-05-17 00:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 06:39 - 2019-05-17 00:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 06:39 - 2019-05-17 00:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 06:39 - 2019-05-17 00:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 06:39 - 2019-05-17 00:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 06:39 - 2019-05-17 00:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 06:39 - 2019-05-17 00:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 06:39 - 2019-05-17 00:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 06:39 - 2019-05-17 00:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 06:39 - 2019-05-17 00:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 06:39 - 2019-05-17 00:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 06:39 - 2019-05-17 00:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 06:39 - 2019-05-17 00:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 06:39 - 2019-05-17 00:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 06:39 - 2019-05-17 00:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 06:39 - 2019-05-17 00:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 06:39 - 2019-05-17 00:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 06:39 - 2019-05-17 00:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 06:39 - 2019-05-17 00:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 06:39 - 2019-05-17 00:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 06:39 - 2019-05-17 00:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 06:39 - 2019-05-17 00:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 06:39 - 2019-05-17 00:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 06:39 - 2019-05-17 00:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 06:39 - 2019-05-17 00:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 06:39 - 2019-05-16 23:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 06:39 - 2019-05-16 23:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 06:39 - 2019-05-16 23:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 06:39 - 2019-05-16 23:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 06:39 - 2019-05-16 23:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 06:39 - 2019-05-16 23:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 06:39 - 2019-05-16 23:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 06:39 - 2019-05-16 23:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 06:39 - 2019-05-16 23:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 06:39 - 2019-05-16 23:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 06:39 - 2019-05-16 23:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 06:39 - 2019-05-16 23:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 06:39 - 2019-05-16 23:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 06:39 - 2019-05-16 23:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 06:39 - 2019-05-16 23:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 06:39 - 2019-05-16 23:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 06:39 - 2019-05-16 23:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 06:39 - 2019-05-16 23:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 06:39 - 2019-05-16 23:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 06:39 - 2019-05-16 23:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 06:39 - 2019-05-16 23:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 06:39 - 2019-05-16 23:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 06:39 - 2019-05-16 23:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 06:39 - 2019-05-16 23:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 06:39 - 2019-05-16 23:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 06:39 - 2019-05-16 23:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 06:39 - 2019-05-16 23:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 06:39 - 2019-05-16 23:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 06:39 - 2019-05-16 23:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-12 06:38 - 2019-06-06 23:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 06:38 - 2019-06-06 23:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 06:38 - 2019-06-06 23:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 06:38 - 2019-06-06 22:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-12 06:38 - 2019-05-17 06:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 06:38 - 2019-05-17 06:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 06:38 - 2019-05-17 06:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 06:38 - 2019-05-17 05:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 06:38 - 2019-05-17 00:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 06:38 - 2019-05-17 00:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 06:38 - 2019-05-17 00:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 06:38 - 2019-05-17 00:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 06:38 - 2019-05-17 00:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 06:38 - 2019-05-16 23:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 06:38 - 2019-05-16 23:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 06:38 - 2019-05-16 23:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 06:38 - 2019-05-16 23:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 06:38 - 2019-05-16 23:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 06:38 - 2019-05-16 23:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 06:38 - 2019-05-16 23:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-08 05:54 - 2019-06-08 05:54 - 000000080 ___SH C:\bootTel.dat
2019-06-07 12:35 - 2019-06-07 12:35 - 000002500 _____ C:\Users\Dohnovan\Downloads\New_Text_Document.txt.tr9u2hz.partial
2019-05-31 15:17 - 2019-02-12 23:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-26 23:59 - 2019-06-05 11:23 - 000000000 ____D C:\Users\Dohnovan\Documents\Path of Building
2019-05-26 23:58 - 2019-06-05 11:23 - 000000000 ____D C:\ProgramData\Path of Building
2019-05-26 23:58 - 2019-05-26 23:58 - 000001179 _____ C:\Users\Public\Desktop\Path of Building.lnk
2019-05-26 23:58 - 2019-05-26 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path of Building
2019-05-26 23:58 - 2019-05-26 23:58 - 000000000 ____D C:\Program Files (x86)\Path of Building
2019-05-26 23:57 - 2019-05-26 23:57 - 023365310 _____ (Openarl ) C:\Users\Dohnovan\Downloads\PathOfBuilding-Setup-1.4.137.exe
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-19 20:25 - 2018-05-21 16:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-19 20:25 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-19 18:26 - 2019-05-14 10:38 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-06-19 17:07 - 2018-04-11 15:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2019-06-19 16:55 - 2017-12-08 22:06 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-19 16:54 - 2018-05-21 16:36 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\D3DSCache
2019-06-19 16:17 - 2017-12-31 18:37 - 000000000 ____D C:\Program Files\WinRAR
2019-06-19 16:08 - 2018-01-25 15:56 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\BitTorrent
2019-06-19 16:06 - 2017-12-08 22:16 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\discord
2019-06-19 16:03 - 2018-06-22 15:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-06-19 16:03 - 2018-05-21 16:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-19 16:03 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-19 16:01 - 2018-04-11 15:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-19 16:01 - 2017-04-11 10:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-06-19 15:37 - 2018-05-21 16:18 - 000000000 ____D C:\Users\Dohnovan
2019-06-19 14:46 - 2018-07-01 09:24 - 000000236 _____ C:\Users\Dohnovan\Downloads\things I am working on.txt
2019-06-19 14:01 - 2017-12-09 19:50 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Packages
2019-06-19 13:59 - 2018-07-01 09:24 - 000001468 _____ C:\Users\Dohnovan\Downloads\#Pro Life Advice.txt
2019-06-19 13:49 - 2018-07-01 09:24 - 000001113 _____ C:\Users\Dohnovan\Downloads\Important.txt
2019-06-19 12:59 - 2018-05-21 16:35 - 000003556 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2019-06-19 12:59 - 2018-05-21 16:35 - 000003420 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2019-06-19 12:59 - 2017-12-27 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2019-06-19 12:59 - 2017-12-27 19:08 - 000000000 ____D C:\Program Files (x86)\Gyazo
2019-06-18 22:49 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-15 18:42 - 2017-12-09 20:29 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Arma 3 Launcher
2019-06-15 17:18 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-15 17:16 - 2017-04-07 15:15 - 000000000 ____D C:\Program Files\Microsoft Office
2019-06-15 16:26 - 2017-12-09 20:32 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Arma 3
2019-06-14 03:08 - 2018-04-14 10:45 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\CrashDumps
2019-06-13 14:25 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-13 02:12 - 2017-12-31 21:42 - 000000000 ____D C:\Users\Dohnovan\Documents\My Games
2019-06-12 21:29 - 2017-12-09 13:16 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-06-12 17:19 - 2018-05-21 16:27 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 17:19 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-12 17:16 - 2017-12-09 20:01 - 000000000 ___RD C:\Users\Dohnovan\3D Objects
2019-06-12 17:16 - 2017-04-03 11:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 17:14 - 2018-05-21 16:15 - 000403048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 17:11 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-12 17:10 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-12 17:10 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-12 17:10 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 06:38 - 2017-12-09 11:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 06:35 - 2017-12-09 11:40 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-11 18:53 - 2017-12-09 20:02 - 000000000 ___HD C:\Users\Dohnovan\MicrosoftEdgeBackups
2019-06-11 18:52 - 2017-12-09 11:27 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\ConnectedDevicesPlatform
2019-06-08 06:02 - 2018-03-13 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-06-05 17:43 - 2018-05-21 16:35 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-1003
2019-06-05 17:43 - 2018-05-21 16:18 - 000002379 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-05 17:43 - 2017-12-09 11:39 - 000000000 ___RD C:\Users\Dohnovan\OneDrive
2019-05-30 19:57 - 2018-09-18 19:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-30 19:57 - 2018-09-18 19:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-30 13:43 - 2017-12-09 15:53 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\steelseries-engine-3-client
2019-05-28 19:16 - 2017-12-08 22:16 - 000002255 _____ C:\Users\Dohnovan\Desktop\Discord.lnk
2019-05-28 07:56 - 2019-05-14 10:40 - 000611152 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2019-05-28 07:56 - 2019-05-14 10:39 - 001551768 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2019-05-28 07:56 - 2019-05-14 10:39 - 000298488 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2019-05-23 16:49 - 2017-12-27 20:08 - 000000000 ____D C:\Program Files\Rockstar Games
2019-05-23 16:49 - 2017-12-27 20:08 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-05-22 16:18 - 2018-01-14 11:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 16:18 - 2018-01-14 11:42 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories ================
 
2017-12-18 14:43 - 2017-12-18 14:43 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
Ran by Dohnovan (19-06-2019 20:33:27)
Running from C:\Users\Dohnovan\Downloads
Windows 10 Home Version 1803 17134.829 (X64) (2018-05-21 22:36:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2108490749-413910539-1021375685-1002 - Limited - Disabled)
Dohnovan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\Dohnovan
Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ArcheRage.to NA (HKLM-x32\...\{1B621355-A68A-48B0-879B-5E903411063D}) (Version: 1.0.0 - ArcheRage.to NA Private Server)
ArmA3Sync 1.6.92 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.6.92 - The [S.o.E] team)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.15.108 - Bitdefender)
BitTorrent (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\BitTorrent) (Version: 7.10.4.44633 - BitTorrent Inc.)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
Brave (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Brave) (Version: 0.23.31 - Brave Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Gyazo 3.6.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.7.9.779 - SurfRight B.V.)
Intel® Wireless Bluetooth® (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b67c644b-bbfa-45cf-a1fa-2e1ef2f99be6}) (Version: 20.60.0 - Intel Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11629.20246 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11629.20246 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Path of Building version 1.4.137 (HKLM-x32\...\{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.137 - Openarl)
PlanetSide 2 (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.21.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.4.0604.060316 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.7 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.7 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Wondershare Filmora(Build 8.5.1) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.664 - Zemana Ltd.)
 
Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.1.58.0_x64__hvr7qkvwfhvx6 [2019-02-21] (Magik Hub) [MS Ad]
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_neutral__d55gg7py3s0m0 [2019-04-30] (eyeo GmbH)
AdGuard AdBlocker -> C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.1.3.0_neutral__m055xr0c82818 [2019-06-04] (Performix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.6.3.0_x86__kgqvnymyfvs32 [2019-06-12] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-05-28] (king.com)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.20.0_x64__kejf07qmg0jnm [2019-05-03] (Keeper Security Inc)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-18] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.402.0_x64__8wekyb3d8bbwe [2019-05-24] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-12-09] (Plex)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-12-27] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-06-19] (Zemana D.O.O. Sarajevo -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-12] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-06-19] (Zemana D.O.O. Sarajevo -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-23 08:51 - 2016-07-21 11:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-12-23 08:51 - 2017-09-12 11:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-06-05 06:13 - 2017-06-05 06:13 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-01-12 17:59 - 2018-01-12 17:59 - 000155688 _____ (AMD PMP-PE CB Code Signer v20170331 -> Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2017-10-27 14:01 - 2017-10-27 14:01 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2017-10-27 14:01 - 2017-10-27 14:01 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2018-04-11 15:30 - 2018-01-28 09:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-01-12 17:42 - 2018-01-12 17:42 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000110080 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 068669952 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2017-06-05 06:13 - 2017-06-05 06:13 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2017-12-23 08:51 - 2017-09-12 11:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Dohnovan\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{ECA178D8-528C-4290-90CD-378DCDA874EF}C:\program files (x86)\black desert online\bin64\blackdesert64.exe] => (Allow) C:\program files (x86)\black desert online\bin64\blackdesert64.exe (PearlAbyss Corp. -> )
FirewallRules: [TCP Query User{9576E5A7-DF59-4818-86D2-34172E43C52C}C:\program files (x86)\black desert online\bin64\blackdesert64.exe] => (Allow) C:\program files (x86)\black desert online\bin64\blackdesert64.exe (PearlAbyss Corp. -> )
FirewallRules: [{FAAC4190-AAB5-476D-B457-425E1A0ABB84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{7F0805B7-A355-4BD2-9551-ECD236EF4ABF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{8B20679D-6B13-4526-A9F9-DA769BDB75F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{6194837C-5728-41B2-9102-A3C8FA70A4DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{91D362F2-6951-4A68-8DC2-D0E277558CBF}] => (Allow) C:\Program Files (x86)\ArcheRage.to NA\Launcher.exe () [File not signed]
FirewallRules: [{D635A9A0-FBF0-4262-BAA6-8ED864813B1C}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{554FCCC7-DC36-4FC9-9E1B-41936F8A8C6C}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C092A980-3B3D-445E-8A53-F98558DC7F4A}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{2ABA4955-24BC-489B-B6C0-F302A4559430}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [UDP Query User{6A777D30-7E2F-4112-A21B-AAED9B1B008A}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [TCP Query User{2CB2887F-9C0A-4189-8115-989C649280E5}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{F08B20B3-30A9-4064-AD0C-07262E42995E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{EE461569-00C7-41B8-8472-BDEAC603A159}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1B80F6F2-8EF0-4212-9E1D-FB85B42C2FC9}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{232AE631-95E2-4FC8-9159-C5D8FBE9666B}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{E5ED1490-2A71-46E8-A4A0-2A43E7B0381F}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{43E4CB35-73BD-4E4F-86C3-2C20A6BC9EEF}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E246DB11-0299-4E9E-BAF1-F9600C9E1E87}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{F01FBF58-567C-4C2D-9E09-69501E7126D0}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{0C6F481E-F930-4C76-AE5C-202166C80AE3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{3A8F03ED-1DF4-4EFC-AB24-470F3D8E2A04}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{10AD0384-925B-4807-9B11-9F2438D13796}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{AC676D52-4BFD-48EF-8A10-52C4983F8D1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{A73A6A68-3D6E-4ACB-BB1C-69891D2BC2E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D98FA1A5-1463-4F80-B944-62DCFE82B0DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B725E07C-1C34-4E68-908A-89765A5C9B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{DF56E8B7-939E-45A2-B634-70256C0D8A9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{DF23A227-FB0F-4E83-B5A0-2C1A2EAD5C3E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3C8F0CBE-B06C-4A4E-85AA-9FC708D18D21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D9992790-A135-4151-9A11-450FE8A931D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C12210A8-7499-47F0-8B4C-2E89010E95D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{21FC1428-1EFB-47FF-BF78-DB5B1945382E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A8E5B1A0-6D7D-4D9C-96E1-B72039726CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{23907ADC-7EDC-4830-97BB-A7AFA8E43B29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DDDA\DDDA.exe (Capcom U.S.A., Inc.) [File not signed]
FirewallRules: [{C0B1518B-2F82-479D-A6D7-67C6C8C57E81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DDDA\DDDA.exe (Capcom U.S.A., Inc.) [File not signed]
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{778DC5E1-C574-45F8-B392-C78E46DEBF4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{9D6CABF9-DFDA-4F3C-9AC8-6092BAA007E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [TCP Query User{39B135F4-AD48-43A5-96AF-295CFAEEF2B6}C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [UDP Query User{E45FE399-9D56-4734-A53A-860B139CF28A}C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{8D6BD339-6DB0-4B01-B064-950E1CB534FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{D37551E3-AE21-495A-90C1-0CE6907D3259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{9AAFDA42-99DA-4021-AFBD-28A2E46F344D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{BBA99857-C7B3-45B3-AC09-17B44883A3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{47CDB22F-7783-4CED-BF1C-D9ACDD81E0D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{7F676C03-41AA-4617-AA13-BC0B88A05086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{D1DCF785-EAFA-4E9B-A0A1-9D914B0B7030}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{F70CA5AD-3D9D-461C-9264-D1526D7C5774}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F2E459D0-8C52-44F9-B805-AFDA263B500D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AE0EC883-ECC1-4257-9241-1C9586835901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{2C813A9F-F998-4D44-8B34-6963CF481A47}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{355EBCE9-2330-4B92-8E46-C7C76C402DA4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{4F7CACBF-BBB5-428E-B6EE-D1163044D084}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{31B319D4-01B2-48FE-81A7-51110CE771B7}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{00294285-8DCB-4F6B-86D3-9A2070AFD3B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{0AF8A769-4CF4-4EF8-8E53-1DE76E63E44A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
 
==================== Restore Points =========================
 
04-06-2019 02:10:13 Scheduled Checkpoint
12-06-2019 06:34:50 Windows Update
19-06-2019 19:39:30 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/19/2019 03:58:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PathOfExile_x64Steam.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 49f0
 
Start Time: 01d526e071a0d527
 
Termination Time: 1008
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
 
Report Id: 91d2dacb-bdf8-4998-848c-aeff5114e1a0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/14/2019 03:07:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Central.exe, version: 7.3.17.3987, time stamp: 0x5cf19f0d
Faulting module name: KERNELBASE.dll, version: 10.0.17134.799, time stamp: 0x0117c7be
Exception code: 0xe0434352
Fault offset: 0x00112c92
Faulting process id: 0x2ca0
Faulting application start time: 0x01d52290a247f656
Faulting application path: C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3a955f92-3dde-4b28-8f9a-145ca53f387e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/14/2019 03:07:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Central.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
 
Server stack trace: 
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at RazerCentralApp.App.Main()
 
Error: (06/14/2019 01:12:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PathOfExile_x64Steam.exe, version: 0.0.0.0, time stamp: 0x5d02df86
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000002a78
Faulting process id: 0x23b8
Faulting application start time: 0x01d52266272c580c
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
Faulting module path: unknown
Report Id: ad040836-2f13-4fde-8e01-2c91c449c5ed
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/13/2019 02:22:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Central.exe, version: 7.3.17.3987, time stamp: 0x5cf19f0d
Faulting module name: KERNELBASE.dll, version: 10.0.17134.799, time stamp: 0x0117c7be
Exception code: 0xe0434352
Fault offset: 0x00112c92
Faulting process id: 0x2ce8
Faulting application start time: 0x01d52225c56f6be4
Faulting application path: C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: a3ae7718-dc4b-489f-b9cb-6e225634ffc0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/13/2019 02:22:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Central.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
 
Server stack trace: 
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at Microsoft.Shell.SingleInstance`1+IPCRemoteService[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeFirstInstance(System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].SignalFirstInstance(System.String, System.Collections.Generic.IList`1<System.String>)
   at Microsoft.Shell.SingleInstance`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InitializeAsFirstInstance(System.String)
   at RazerCentralApp.App.Main()
 
Error: (06/12/2019 06:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PathOfExile_x64Steam.exe, version: 0.0.0.0, time stamp: 0x5d003074
Faulting module name: PathOfExile_x64Steam.exe, version: 0.0.0.0, time stamp: 0x5d003074
Exception code: 0xc0000005
Fault offset: 0x0000000000961ca2
Faulting process id: 0x2e24
Faulting application start time: 0x01d5217a657de77c
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
Report Id: 1c1ab54a-3ed0-4ada-9f09-78f0bd65d9a5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/12/2019 05:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Razer Central.exe, version: 7.3.17.3987, time stamp: 0x5cf19f0d
Faulting module name: KERNELBASE.dll, version: 10.0.17134.799, time stamp: 0x0117c7be
Exception code: 0xe0434352
Fault offset: 0x00112c92
Faulting process id: 0x2d5c
Faulting application start time: 0x01d5217501c6bda0
Faulting application path: C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8b71b818-de8d-4ed8-a443-b8ef13437b7f
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/19/2019 07:40:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LBHF8BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user DESKTOP-LBHF8BQ\Dohnovan SID (S-1-5-21-2108490749-413910539-1021375685-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/19/2019 06:09:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LBHF8BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-LBHF8BQ\Dohnovan SID (S-1-5-21-2108490749-413910539-1021375685-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/19/2019 06:01:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LBHF8BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-LBHF8BQ\Dohnovan SID (S-1-5-21-2108490749-413910539-1021375685-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/19/2019 05:25:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LBHF8BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user DESKTOP-LBHF8BQ\Dohnovan SID (S-1-5-21-2108490749-413910539-1021375685-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/19/2019 04:43:41 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LBHF8BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-LBHF8BQ\Dohnovan SID (S-1-5-21-2108490749-413910539-1021375685-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/19/2019 04:14:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LBHF8BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-LBHF8BQ\Dohnovan SID (S-1-5-21-2108490749-413910539-1021375685-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/19/2019 04:10:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-LBHF8BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-LBHF8BQ\Dohnovan SID (S-1-5-21-2108490749-413910539-1021375685-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/19/2019 04:08:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
 
Windows Defender:
===================================
Date: 2019-05-04 16:48:12.881
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4DF8C4F3-F7DE-46A5-93F2-B0086DF90463}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-04-24 21:36:12.281
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B77E5BC9-3226-4D3A-8566-556CA2599737}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-07-19 12:39:23.329
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-19 12:39:23.317
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-19 12:39:15.133
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-19 12:39:15.083
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-19 12:39:14.999
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-19 12:39:14.986
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-19 12:39:13.167
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-19 12:39:13.017
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.51 05/02/2017
Motherboard: Micro-Star International Co., Ltd B350M BAZOOKA (MS-7A38)
Processor: AMD Ryzen 5 1400 Quad-Core Processor 
Percentage of memory in use: 61%
Total physical RAM: 8144.69 MB
Available physical RAM: 3169.45 MB
Total Virtual: 17872.69 MB
Available Virtual: 8084.86 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:163.72 GB) NTFS
 
\\?\Volume{34b487b2-1f24-455b-888b-88fe24145180}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.09 GB) NTFS
\\?\Volume{7c6e70a3-6b38-47db-a32a-880393128539}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 

  • 0

#4
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 981 posts
Hi,

Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Settings icon > Apps.
If you wish to keep it, please do not use it until your computer is cleaned.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
    FirewallRules: [{10AD0384-925B-4807-9B11-9F2438D13796}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{AC676D52-4BFD-48EF-8A10-52C4983F8D1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

  • 0

#5
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

The eset scan is taking a long time and it's just barely past 50% done. Sorry but it's gonna take a bit before I can get the results from the scan and send them your way


  • 0

#6
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

I just realized that you said to run eset as admin, and I didn't see that when I started the scan. Should I restart the program as admin and rescan?


  • 0

#7
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

My scan is almost done now it's at 95%


  • 0

#8
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
Ran by Dohnovan (20-06-2019 10:26:36) Run:1
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan (Available Profiles: Dohnovan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
FirewallRules: [{10AD0384-925B-4807-9B11-9F2438D13796}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{AC676D52-4BFD-48EF-8A10-52C4983F8D1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
CMD: Bitsadmin /Reset /Allusers
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => removed successfully
HKLM\Software\Classes\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
HKLM\Software\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10AD0384-925B-4807-9B11-9F2438D13796}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC676D52-4BFD-48EF-8A10-52C4983F8D1A}" => removed successfully
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55591009 B
Java, Flash, Steam htmlcache => 362669682 B
Windows/system/drivers => 3918321 B
Edge => 1492280 B
Chrome => 396714454 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 25618 B
LocalService => 0 B
NetworkService => 912204 B
NetworkService => 0 B
Dohnovan => 20057790 B
 
RecycleBin => 20290881080 B
EmptyTemp: => 19.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:30:07 ====
 
 
6/20/2019 13:51:24 PM
Files scanned: 502101
Infected files: 1
Cleaned threats: 1
Total scan time 03:02:00
Scan status: Finished
 
 
C:\Users\Dohnovan\Downloads\BitTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting
 
I uninstalled bittorrent and I won't be using it from now on.

  • 0

#9
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 981 posts
Hi,

How is the computer doing ?
  • 0

#10
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Nothings really changed on it. I can't really tell if theres any malicious programs on my pc. According to what I've read the trojan dropper is just the beginning I'm not sure if theres any other malicious programs running on my pc from the dropper. I'm mostly worried about information I've put on my pc in the past getting stolen  because of spyware or a keylogger being used to take my account passwords. Do you know if theres anything I can do to assure myself that none of that is the case?


  • 0

Advertisements


#11
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 981 posts
Hi,

Your logs show no evidence of malware infection.
If you are concerned that your online account passwords have been compromised I suggest you change the passwords.
This article may help: How to Create a Strong Password


---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, uncheck any items you want to keep.
  • Click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).
  • 0

#12
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Thank you for the help


  • 0

#13
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 981 posts
Hi,

Did AdwCleaner detect any threats? If so, please copy and paste the AdwCleaner log to your reply.
  • 0

#14
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Adwcleaner did not detect anything


  • 0

#15
Eldon123

Eldon123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

So you're positive that theres no spyware on my pc? Thanks for the help so far


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP