
Solved I Need Your Help Please

Discussion in 'Virus & Other Malware Removal' started by goodusername, Dec 25, 2017.

  1. goodusername

    goodusername Thread Starter

    Joined:
    Dec 25, 2017
    Messages:
    8
    I have a virus that is ruining my computer. It's called vidsquare. I have tried multiple malware removal systems such as:
    MalwareFox
    MalwareBytes

    etc.
    I have found the systems on task manager and attempted to stop them, which does nothing. I found the files they're in, but I can't delete them, even with Unlocker. (It says it will delete them on reboot but it doesn't).
    (C:\Users\*MyUser*\AppData\Local\(multiple weirdly named files like igfxmtc))
    I've also tried to change the permissions of the folders (even though my account is an administrator) but apparently I don't have permission to do that either.

    As for my computer idk wtf is going on. I have tried in a bunch of different ways to boot the computer into safe mode and delete the files from there but no matter what I do my computer doesn't understand I'm trying to open safe mode. I'm completely willing to clear my hard drive (besides windows) to get rid of the virus but when I click in settings to reset my pc nothing happens.

    The virus makes games I used to play with no lag be so slow they're unplayable, except maybe at ridiculously low quality. As for the internet, it can infiltrate every browser. I've reinstalled Chrome and tried both Firefox and Opera.

    My computer is an HP Pavilion running Windows 10. I can't remember if it's 64-bit or not, but I can check if it's needed.

    PLEASE HELP MEEEEEEE
    Edit:
    I expect to get some help but if someone can redirect me to another site where I might be able to get help if I'm not able to fix it off help from this site, that would be appreciated.
     
    Last edited: Dec 25, 2017
  2. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    68
    Hello goodusername, and welcome to Tech Support Guy

    My name is Joeicam :), you can call me Joe, and I will be assisting you every step of the way.

    Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem.

    If you have any questions or comments, or aren't quite sure about what to do, STOP AND ASK.

    Before we begin, please familiarize yourself with the following:
    • Back up your files and folders, as sometimes malware infections can be severe. It's a good habit to plan for the worst.
    • Please follow my instructions exactly, and do not repeat any steps more than once, unless instructed.
    • Copy/Paste entire contents of your logs, and submit inside your post, instead of submitting as an attachment, unless told otherwise.
    • If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
    Finally:
    • As malware removal can be a complicated, multistep process, you should stick with me until I declare your system to be clean of all threats. It may seem like your system is running properly, but that does not mean that the infection is completely gone.
    • You must reply to this post within four days; if you do not, then the topic will be closed.
    • However, if you need more time to run the tools and fixes, or would like your topic to be reopened, please PM me or any Moderator to reactivate your topic.

    If I have not responded to your post within 24 hours, then send me a private message (PM).
    Otherwise, all communication is done in the forums.


    Let's get to work! :)

    ____________________________________________________________________________________________________

    The fixes presented are specific to your problem and should only be used for the issue on this machine!
    ____________________________________________________________________________________________________

    Step 1 of 1: FRST Scan

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
    • Please copy and paste the logs back here.

    ===============================================

    When you reply to me, I need to see:
    • Any questions/concerns you might have, or if you were not able to complete any of the steps above
    • The copied and pasted results of the FRST.txt and Addition.txt logs
     
  3. goodusername

    goodusername Thread Starter

    Joined:
    Dec 25, 2017
    Messages:
    8
    Thanks so much for the help but I seem to have fixed the problem. I realized that I actually had downloaded a MalwareBytes product called AdwCleaner and not MalwareBytes itself. After a few scans and restarts the virus seems to be gone. Just a minute ago (I'm on the computer that had the virus) I was redirected to some site but I might have just clicked something. My computer is no longer sluggish. I don't know if you still want me to complete the steps you've given me, but if you do I'll do it just in case. Here is the MalwareBytes report. I await your response.
     


  4. goodusername

    goodusername Thread Starter

    Joined:
    Dec 25, 2017
    Messages:
    8
    Oops, I read the thing about posting the logs. Here you go:

    Malwarebytes
    www.malwarebytes.com
    -Log Details-
    Scan Date: 12/26/17
    Scan Time: 10:33 PM
    Log File: c61c0af6-eab6-11e7-a037-10f00552b9de.json
    Administrator: Yes
    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.3565
    License: Trial
    -System Information-
    OS: Windows 10 (Build 16299.125)
    CPU: x64
    File System: NTFS
    User: LAPTOP-9VM6RJTH\Evan
    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 294527
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 9 min, 6 sec
    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect
    -Scan Details-
    Process: 0
    (No malicious items detected)
    Module: 0
    (No malicious items detected)
    Registry Key: 0
    (No malicious items detected)
    Registry Value: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Data Stream: 0
    (No malicious items detected)
    Folder: 0
    (No malicious items detected)
    File: 0
    (No malicious items detected)
    Physical Sector: 0
    (No malicious items detected)
    (end)
     
  5. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    68
    Morning goodusername! :) Yes, please continue with the steps that I have posted to do the scan with FRST. Just because the symptoms are gone doesn't necessarily mean the infection is. In the future, take care using tools such as AdwCleaner. It's a great tool, but if using it unsupervised, it can mistakenly delete good files/folders.

     
  6. goodusername

    goodusername Thread Starter

    Joined:
    Dec 25, 2017
    Messages:
    8
    ------FRST.txt-----
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
    Ran by Evan (administrator) on LAPTOP-9VM6RJTH (27-12-2017 12:31:56)
    Running from C:\Users\Evan\Downloads
    Loaded Profiles: Evan (Available Profiles: Evan)
    Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (TOSHIBA CORPORATION) C:\Windows\System32\wmhuioxsvc.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHDCPSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    () C:\ProgramData\CsHelper\CsHelper.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe
    (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxEM.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe
    (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
    (Discord Inc.) C:\Users\Evan\AppData\Local\Discord\app-0.0.299\Discord.exe
    (Valve Corporation) C:\Program Files (x86)\RealRealSteam\Steam.exe
    () C:\Users\Evan\AppData\Local\serztdm\serztdm.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Users\Evan\AppData\Local\igfxmtc\igfxmtc.exe
    (Discord Inc.) C:\Users\Evan\AppData\Local\Discord\app-0.0.299\Discord.exe
    (Discord Inc.) C:\Users\Evan\AppData\Local\Discord\app-0.0.299\Discord.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Users\Evan\AppData\Local\serztdm\wiarmxs.exe
    () C:\Users\Evan\AppData\Local\serztdm\wiarmxs.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Program Files\internet explorer\ielowutil.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-14] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2017-12-25] (Copyright 2017.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Discord] => C:\Users\Evan\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
    HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [MurGee.com Auto Keyboard] => C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
    HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Steam] => C:\Program Files (x86)\RealRealSteam\steam.exe [3111712 2017-12-15] (Valve Corporation)
    HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-03-22]
    ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico ()
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\Parameters: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{3eb67c16-5ee4-42e1-937c-1c5246fc58f6}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{42efc9c9-0843-433b-95da-54a36e0e3bde}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{645a08f7-d26d-11e7-b9df-806e6f6e6963}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{9d106ced-10c2-4ac3-a956-faab85e48f62}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{a59731b4-a3e0-412d-be16-275f506bbeac}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{ab90e9d2-f3f7-4690-970c-1dc6b67546a3}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{da96d4e7-83a6-4cbc-8dd8-f721e0a20217}: [NameServer] 8.8.8.8
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    SearchScopes: HKLM -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
    SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
    SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311407&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3rCs9bMgjN3RJMFkGZcV3LqrPupM%2BeGRWnAiDDGMm1K473cQnB2sYq3jS76iraFrrzGDdJMOmxctAf3EnCo7aitjxCRUHjwSF1VMVkNbqL6C1Xur3WrFAbVEcErq5IMv04TWbxRDjIkCLXvdgOH93sFjxpShloKOUGaNHA7m8Zjeu5TmHILDP4CA1PLEZHEP8VMqrwhzmm%2FIchleIye8rRG60AL6lmtjf66nJVsaUdLA%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-06] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-06] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\MCSNIE~1.DLL [2017-09-25] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-09-25] (McAfee, Inc.)
    FireFox:
    ========
    FF DefaultProfile: o33qc0vs.default
    FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\o33qc0vs.default [2017-12-27]
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-09-25] [Legacy] [not signed]
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\NPMCSN~1.DLL [2017-09-25] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-06] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\NPMCSN~1.DLL [2017-09-25] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-26] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-26] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
    Chrome:
    =======
    CHR HomePage: Default -> homepage.ssoextension.com
    CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311407&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3rCs9bMgjN3RJMFkGZcV3LneF3BITYmkVdMJ0mkkVgN0qtF5tFBUlBwezgh9deS0wpXnzaQ4El1G7WtBVFxafnJeyD1nwL5xmxQun%2FnAooAh7KuO%2FR8R8rhVzQUhuQZRmKAloiRN7nJiuVk8naMAOIM7OegBwD%2BzEb%2FJFdMf7l5Qr1HeCUK0jNcg1Bz3MIx%2FA9SZbEzcICvG4b63k28yhHkmuLYc3QffIvSpJMSIOQ3D0DIoXCfSnU6QPtZJY2QSc%3D"
    CHR DefaultSearchURL: Default -> hxxp://search.ssoextension.com/s?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> ssoextension.com
    CHR DefaultSuggestURL: Default -> hxxp://suggest.ssoextension.com/suggest?q={searchTerms}
    CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default [2017-12-27]
    CHR Extension: (Slides) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
    CHR Extension: (Docs) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
    CHR Extension: (YouTube) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
    CHR Extension: (Sheets) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-05]
    CHR Extension: (Drumpfinator) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2017-09-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Gmail) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
    CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-22]
    Opera:
    =======
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    "CsHelper" => service was unlocked. <==== ATTENTION
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-08-13] ()
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
    S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc.)
    R2 CsHelper; C:\ProgramData\CsHelper\CsHelper.exe [764216 2017-10-03] () [File not signed]
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
    R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-10-04] (Intel Corporation)
    S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1268736 2016-10-05] (HP Inc.) [File not signed]
    R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
    R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc.)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
    S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [994280 2017-09-14] (McAfee, Inc.)
    S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
    R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [242640 2017-06-21] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [394704 2017-06-21] (McAfee, Inc.)
    R3 mfevtp; C:\windows\system32\mfevtps.exe [350160 2017-06-21] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc.)
    S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-14] (Realtek Semiconductor)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
    R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2017-12-25] (Copyright 2017.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77800 2017-06-26] (McAfee, Inc.)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-10-04] (Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-04] (Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-08-07] (McAfee, Inc.)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-26] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-26] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-26] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-26] (Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-26] (Malwarebytes)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487408 2017-06-26] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355312 2017-06-26] (McAfee, Inc.)
    U3 mfeavfk01; no ImagePath
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84544 2017-06-26] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [506352 2017-06-26] (McAfee, Inc.)
    R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [933360 2017-06-26] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116208 2017-06-26] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [253424 2017-06-26] (McAfee, Inc.)
    R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-26] (Realtek )
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
    S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-25] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-25] (Zemana Ltd.)
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-12-27 12:34 - 2017-12-27 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2017-12-27 12:31 - 2017-12-27 12:35 - 000026965 _____ C:\Users\Evan\Downloads\FRST.txt
    2017-12-27 12:31 - 2017-12-27 12:31 - 000000000 ____D C:\FRST
    2017-12-27 12:30 - 2017-12-27 12:30 - 001752064 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
    2017-12-27 12:29 - 2017-12-27 12:29 - 002391552 _____ (Farbar) C:\Users\Evan\Downloads\FRST64.exe
    2017-12-26 22:45 - 2017-12-26 22:45 - 000001245 _____ C:\Users\Evan\Downloads\Stuff (1).txt
    2017-12-26 22:43 - 2017-12-26 22:43 - 000001245 _____ C:\Users\Evan\Downloads\Stuff.txt
    2017-12-26 22:31 - 2017-12-26 22:31 - 000000000 ___HD C:\ProgramData\temp
    2017-12-26 22:30 - 2017-12-26 22:30 - 000142160 ____N C:\WINDOWS\system32\Drivers\cgblorvy.sys
    2017-12-26 22:24 - 2017-12-26 22:31 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-12-26 22:23 - 2017-12-26 22:23 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-12-26 22:23 - 2017-12-26 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-12-26 22:23 - 2017-12-26 22:23 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-12-26 22:23 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-12-26 22:19 - 2017-12-26 22:19 - 000000000 ____D C:\ProgramData\MB3CoreBackup
    2017-12-26 22:01 - 2017-12-26 22:31 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-12-26 22:01 - 2017-12-26 22:27 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-12-26 22:01 - 2017-12-26 22:24 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2017-12-26 22:00 - 2017-12-26 22:23 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2017-12-26 22:00 - 2017-12-26 22:00 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-12-26 21:59 - 2017-12-26 22:00 - 083316440 _____ (Malwarebytes ) C:\Users\Evan\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
    2017-12-26 21:25 - 2017-12-26 21:25 - 000002107 _____ C:\Users\Public\Desktop\EMCO MoveOnBoot 3.lnk
    2017-12-26 21:25 - 2017-12-26 21:25 - 000000000 ____D C:\Users\Evan\AppData\Roaming\EMCO
    2017-12-26 21:25 - 2017-12-26 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO MoveOnBoot 3
    2017-12-26 21:25 - 2017-12-26 21:25 - 000000000 ____D C:\ProgramData\EMCO
    2017-12-26 21:25 - 2017-12-26 21:25 - 000000000 ____D C:\Program Files\EMCO
    2017-12-26 21:24 - 2017-12-26 21:24 - 054054384 _____ (EMCO Software) C:\Users\Evan\Downloads\MoveOnBootSetup.exe
    2017-12-26 18:54 - 2017-12-26 18:54 - 000443402 _____ C:\Users\Evan\Documents\cc_20171226_185441.reg
    2017-12-26 18:43 - 2017-12-26 18:43 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2017-12-26 18:43 - 2017-12-26 18:43 - 000002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2017-12-26 18:43 - 2017-12-26 18:43 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-12-26 18:43 - 2017-12-26 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-12-26 18:42 - 2017-12-26 21:05 - 000000000 ____D C:\Program Files\CCleaner
    2017-12-26 18:42 - 2017-12-26 18:47 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-12-26 18:42 - 2017-12-26 18:47 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-12-26 18:42 - 2017-12-26 18:42 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-12-26 18:42 - 2017-12-26 18:42 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-12-26 18:41 - 2017-12-26 18:41 - 011201632 _____ (Piriform Ltd) C:\Users\Evan\Downloads\ccsetup538.exe
    2017-12-25 16:33 - 2017-12-25 16:33 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2017-12-25 16:33 - 2017-12-25 16:33 - 000000000 ____D C:\ProgramData\Babylon
    2017-12-25 16:33 - 2017-12-25 16:33 - 000000000 ____D C:\Program Files\Unlocker
    2017-12-25 16:24 - 2017-12-25 16:28 - 000000000 ____D C:\Program Files (x86)\Delete Doctor
    2017-12-25 16:24 - 2017-12-25 16:24 - 001188386 _____ C:\Users\Evan\Downloads\deletedr.exe
    2017-12-25 16:24 - 2017-12-25 16:24 - 000001122 _____ C:\Users\Evan\Desktop\Delete Doctor.lnk
    2017-12-25 16:24 - 2017-12-25 16:24 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delete Doctor
    2017-12-25 16:21 - 2017-12-27 12:32 - 000097424 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-12-25 16:21 - 2017-12-27 12:28 - 000132146 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-12-25 16:21 - 2017-12-25 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
    2017-12-25 16:20 - 2017-12-25 16:39 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
    2017-12-25 16:20 - 2017-12-25 16:21 - 000001190 _____ C:\Users\Public\Desktop\MalwareFox AntiMalware.lnk
    2017-12-25 16:20 - 2017-12-25 16:20 - 005747600 _____ (Zemana Ltd. ) C:\Users\Evan\Downloads\setup (1).exe
    2017-12-25 16:20 - 2017-12-25 16:20 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-12-25 16:20 - 2017-12-25 16:20 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2017-12-25 16:20 - 2017-12-25 16:20 - 000000000 ____D C:\Users\Evan\AppData\Local\Zemana
    2017-12-25 16:20 - 2017-12-25 16:20 - 000000000 ____D C:\Users\Evan\AppData\Local\Wolf of Webstreet OPC Private Limited
    2017-12-25 13:17 - 2017-12-25 13:17 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\rkill64-2206.exe
    2017-12-25 13:16 - 2017-12-25 13:16 - 009932672 _____ C:\Users\Evan\Downloads\bitdefender_online.exe
    2017-12-25 13:09 - 2017-12-25 13:09 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\rkill64-694.exe
    2017-12-25 12:06 - 2017-12-25 12:06 - 000003946 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1514221558
    2017-12-25 12:06 - 2017-12-25 12:06 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Opera Software
    2017-12-25 12:06 - 2017-12-25 12:06 - 000000000 ____D C:\Users\Evan\AppData\Local\Opera Software
    2017-12-25 12:06 - 2017-12-25 12:05 - 000001173 _____ C:\Users\Public\Desktop\Opera Browser.lnk
    2017-12-25 12:06 - 2017-12-25 12:05 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
    2017-12-25 12:05 - 2017-12-25 12:08 - 000000000 ____D C:\Program Files\Opera
    2017-12-25 12:04 - 2017-12-25 12:04 - 001264272 _____ (Opera Software) C:\Users\Evan\Downloads\OperaSetup(1).exe
    2017-12-25 12:02 - 2017-12-25 12:02 - 001264272 _____ (Opera Software) C:\Users\Evan\Downloads\OperaSetup.exe
    2017-12-25 10:46 - 2017-12-25 10:46 - 000000000 ____D C:\Users\Evan\AppData\Local\Cyberlink
    2017-12-24 23:17 - 2017-12-25 12:05 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Mozilla
    2017-12-24 23:17 - 2017-12-24 23:18 - 000000000 ____D C:\Users\Evan\AppData\Local\Mozilla
    2017-12-24 23:17 - 2017-12-24 23:17 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Mozilla
    2017-12-24 23:16 - 2017-12-24 23:16 - 000311224 _____ (Mozilla) C:\Users\Evan\Downloads\Firefox Installer.exe
    2017-12-24 23:14 - 2017-12-24 23:14 - 005659243 _____ (Swearware) C:\Users\Evan\Downloads\ComboFix.exe
    2017-12-24 22:09 - 2017-12-26 21:48 - 000000906 _____ C:\Users\Evan\Desktop\Rkill.txt
    2017-12-24 22:09 - 2017-12-24 22:09 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\rkill.exe
    2017-12-24 22:09 - 2017-12-24 22:09 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Evan\Downloads\rkill64.exe
    2017-12-24 17:32 - 2017-12-24 17:32 - 000000000 ___HD C:\Users\Evan\MicrosoftEdgeBackups
    2017-12-24 17:22 - 2017-12-24 17:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2017-12-24 17:16 - 2017-12-26 21:59 - 000000000 ____D C:\AdwCleaner
    2017-12-24 17:16 - 2017-12-24 17:16 - 008198432 _____ (Malwarebytes) C:\Users\Evan\Downloads\adwcleaner_7.0.6.0.exe
    2017-12-24 17:15 - 2017-12-26 08:35 - 000000000 ____D C:\Users\Evan\AppData\Local\lsbzrav
    2017-12-24 17:12 - 2017-12-27 12:37 - 000000000 ____D C:\Users\Evan\AppData\Local\serztdm
    2017-12-24 17:12 - 2017-12-24 17:15 - 000000000 ____D C:\Users\Evan\AppData\Local\igfxmtc
    2017-12-24 17:11 - 2017-12-26 22:30 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\wmhuioxsvc.exe
    2017-12-24 17:11 - 2017-12-26 22:29 - 000000000 ____D C:\Users\Evan\AppData\Roaming\radeon
    2017-12-24 17:11 - 2017-12-24 17:11 - 000000000 ____D C:\WINDOWS\SysWOW64\csemtnx
    2017-12-24 17:11 - 2017-12-24 17:11 - 000000000 ____D C:\WINDOWS\system32\csemtnx
    2017-12-24 17:11 - 2017-12-24 17:11 - 000000000 ____D C:\Users\Evan\AppData\Roaming\et
    2017-12-24 17:05 - 2017-12-24 17:07 - 000000000 ____D C:\Users\Evan\Downloads\Garrys Mod v16.12.02 Full +AutoUpdate +Multilanguage
    2017-12-24 17:02 - 2017-12-24 17:08 - 000000000 ____D C:\Users\Evan\AppData\Local\transmission
    2017-12-24 17:02 - 2017-12-24 17:02 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk
    2017-12-24 17:02 - 2017-12-24 17:02 - 000002459 _____ C:\Users\Public\Desktop\Transmission Qt Client.lnk
    2017-12-24 17:02 - 2017-12-24 17:02 - 000000000 ____D C:\Program Files\Transmission
    2017-12-24 17:00 - 2017-12-24 17:01 - 015200256 _____ C:\Users\Evan\Downloads\transmission-2.92-x64.msi
    2017-12-22 11:45 - 2017-12-03 17:38 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-12-22 11:45 - 2017-12-03 17:38 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-12-22 11:29 - 2017-12-22 11:29 - 000000000 ____D C:\Users\Evan\AppData\Local\ElevatedDiagnostics
    2017-12-21 22:53 - 2017-12-21 22:53 - 000037157 _____ C:\WINDOWS\uninstaller.dat
    2017-12-17 19:57 - 2017-12-17 19:57 - 000000000 ____D C:\Users\Evan\AppData\Roaming\RotMG.Production
    2017-12-17 19:56 - 2017-12-17 19:56 - 000000230 _____ C:\Users\Evan\Desktop\Realm of the Mad God.url
    2017-12-17 18:07 - 2017-12-17 18:07 - 000000230 _____ C:\Users\Evan\Desktop\Making History The Great War.url
    2017-12-15 23:33 - 2017-12-15 23:33 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Keiwan Donyagard
    2017-12-15 23:32 - 2017-12-15 23:32 - 013289022 _____ C:\Users\Evan\Downloads\evolution-win.zip
    2017-12-15 23:32 - 2017-12-15 23:32 - 000000000 ____D C:\Users\Evan\Downloads\evolution-win
    2017-12-12 16:32 - 2017-12-07 18:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-12-12 16:32 - 2017-12-07 18:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-12-12 16:32 - 2017-12-07 18:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-12-12 16:32 - 2017-12-07 18:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2017-12-12 16:32 - 2017-12-07 17:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-12-12 16:32 - 2017-12-07 17:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-12-12 16:32 - 2017-12-07 17:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-12-12 16:32 - 2017-12-07 17:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-12-12 16:32 - 2017-12-07 17:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2017-12-12 16:32 - 2017-12-07 17:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-12-12 16:32 - 2017-12-07 17:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-12-12 16:32 - 2017-12-07 17:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-12-12 16:32 - 2017-12-07 17:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-12-12 16:32 - 2017-12-07 17:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-12-12 16:32 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2017-12-12 16:32 - 2017-12-07 17:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-12-12 16:32 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-12-12 16:32 - 2017-12-07 17:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-12-12 16:32 - 2017-12-07 17:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-12-12 16:32 - 2017-12-07 17:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-12-12 16:32 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-12-12 16:32 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-12-12 16:32 - 2017-12-07 16:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-12-12 16:32 - 2017-12-07 16:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-12-12 16:32 - 2017-12-07 16:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-12-12 16:32 - 2017-12-07 16:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-12-12 16:32 - 2017-11-26 08:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-12-12 16:32 - 2017-11-26 08:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-12-12 16:32 - 2017-11-26 08:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-12-12 16:32 - 2017-11-26 08:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-12-12 16:32 - 2017-11-26 08:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2017-12-12 16:32 - 2017-11-26 08:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-12-12 16:32 - 2017-11-26 08:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-12-12 16:32 - 2017-11-26 08:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2017-12-12 16:32 - 2017-11-26 07:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2017-12-12 16:32 - 2017-11-26 07:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-12-12 16:32 - 2017-11-26 07:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-12-12 16:32 - 2017-11-26 07:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-12-12 16:32 - 2017-11-26 06:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2017-12-12 16:32 - 2017-11-26 06:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2017-12-12 16:32 - 2017-11-26 06:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-12-12 16:32 - 2017-11-26 05:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-12-12 16:31 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
    2017-12-12 16:31 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2017-12-12 16:31 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-12-12 16:31 - 2017-12-07 18:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
    2017-12-12 16:31 - 2017-12-07 18:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2017-12-12 16:31 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2017-12-12 16:31 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
    2017-12-12 16:31 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2017-12-12 16:31 - 2017-12-07 18:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-12-12 16:31 - 2017-12-07 18:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2017-12-12 16:31 - 2017-12-07 18:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-12-12 16:31 - 2017-12-07 18:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-12-12 16:31 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2017-12-12 16:31 - 2017-12-07 18:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
    2017-12-12 16:31 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2017-12-12 16:31 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2017-12-12 16:31 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-12-12 16:31 - 2017-12-07 18:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-12-12 16:31 - 2017-12-07 18:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-12-12 16:31 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-12-12 16:31 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2017-12-12 16:31 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2017-12-12 16:31 - 2017-12-07 18:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
    2017-12-12 16:31 - 2017-12-07 18:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-12-12 16:31 - 2017-12-07 18:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-12-12 16:31 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2017-12-12 16:31 - 2017-12-07 18:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-12-12 16:31 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2017-12-12 16:31 - 2017-12-07 18:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2017-12-12 16:31 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
    2017-12-12 16:31 - 2017-12-07 18:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2017-12-12 16:31 - 2017-12-07 17:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2017-12-12 16:31 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-12-12 16:31 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-12-12 16:31 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
    2017-12-12 16:31 - 2017-12-07 17:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-12-12 16:31 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-12-12 16:31 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
    2017-12-12 16:31 - 2017-12-07 17:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-12-12 16:31 - 2017-12-07 17:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-12-12 16:31 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2017-12-12 16:31 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2017-12-12 16:31 - 2017-12-07 17:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-12-12 16:31 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2017-12-12 16:31 - 2017-12-07 17:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2017-12-12 16:31 - 2017-12-07 17:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-12-12 16:31 - 2017-12-07 17:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-12-12 16:31 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2017-12-12 16:31 - 2017-12-07 17:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2017-12-12 16:31 - 2017-12-07 17:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-12-12 16:31 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
    2017-12-12 16:31 - 2017-12-07 17:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-12-12 16:31 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-12-12 16:31 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2017-12-12 16:31 - 2017-12-07 17:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2017-12-12 16:31 - 2017-12-07 17:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-12-12 16:31 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2017-12-12 16:31 - 2017-12-07 17:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-12-12 16:31 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-12-12 16:31 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
    2017-12-12 16:31 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
    2017-12-12 16:31 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
    2017-12-12 16:31 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
    2017-12-12 16:31 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
    2017-12-12 16:31 - 2017-12-07 17:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-12-12 16:31 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
    2017-12-12 16:31 - 2017-12-07 17:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2017-12-12 16:31 - 2017-12-07 17:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-12-12 16:31 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
    2017-12-12 16:31 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-12-12 16:31 - 2017-12-07 17:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-12-12 16:31 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
    2017-12-12 16:31 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2017-12-12 16:31 - 2017-12-07 17:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2017-12-12 16:31 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2017-12-12 16:31 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2017-12-12 16:31 - 2017-12-07 17:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-12-12 16:31 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
    2017-12-12 16:31 - 2017-12-07 17:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2017-12-12 16:31 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
    2017-12-12 16:31 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
    2017-12-12 16:31 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
    2017-12-12 16:31 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
    2017-12-12 16:31 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
    2017-12-12 16:31 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2017-12-12 16:31 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2017-12-12 16:31 - 2017-12-07 17:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-12-12 16:31 - 2017-12-07 17:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-12-12 16:31 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
    2017-12-12 16:31 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-12-12 16:31 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
    2017-12-12 16:31 - 2017-12-07 17:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2017-12-12 16:31 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2017-12-12 16:31 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
    2017-12-12 16:31 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-12-12 16:31 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2017-12-12 16:31 - 2017-12-07 17:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-12-12 16:31 - 2017-12-07 17:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-12-12 16:31 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2017-12-12 16:31 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2017-12-12 16:31 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2017-12-12 16:31 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2017-12-12 16:31 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
    2017-12-12 16:31 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-12-12 16:31 - 2017-12-07 16:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2017-12-12 16:31 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2017-12-12 16:31 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-12-12 16:31 - 2017-12-07 16:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2017-12-12 16:31 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-12-12 16:31 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2017-12-12 16:31 - 2017-12-07 16:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-12-12 16:31 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2017-12-12 16:31 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-12-12 16:31 - 2017-12-07 16:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-12-12 16:31 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2017-12-12 16:31 - 2017-12-07 16:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2017-12-12 16:31 - 2017-11-26 15:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2017-12-12 16:31 - 2017-11-26 15:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2017-12-12 16:31 - 2017-11-26 15:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2017-12-12 16:31 - 2017-11-26 11:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2017-12-12 16:31 - 2017-11-26 08:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-12-12 16:31 - 2017-11-26 08:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2017-12-12 16:31 - 2017-11-26 08:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2017-12-12 16:31 - 2017-11-26 08:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2017-12-12 16:31 - 2017-11-26 08:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2017-12-12 16:31 - 2017-11-26 08:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-12-12 16:31 - 2017-11-26 08:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2017-12-12 16:31 - 2017-11-26 08:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2017-12-12 16:31 - 2017-11-26 08:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2017-12-12 16:31 - 2017-11-26 08:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2017-12-12 16:31 - 2017-11-26 08:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2017-12-12 16:31 - 2017-11-26 08:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2017-12-12 16:31 - 2017-11-26 08:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2017-12-12 16:31 - 2017-11-26 08:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2017-12-12 16:31 - 2017-11-26 08:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-12-12 16:31 - 2017-11-26 08:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
    2017-12-12 16:31 - 2017-11-26 08:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-12-12 16:31 - 2017-11-26 08:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2017-12-12 16:31 - 2017-11-26 08:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
    2017-12-12 16:31 - 2017-11-26 08:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2017-12-12 16:31 - 2017-11-26 08:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
    2017-12-12 16:31 - 2017-11-26 08:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-12-12 16:31 - 2017-11-26 08:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2017-12-12 16:31 - 2017-11-26 08:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2017-12-12 16:31 - 2017-11-26 08:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2017-12-12 16:31 - 2017-11-26 08:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2017-12-12 16:31 - 2017-11-26 08:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2017-12-12 16:31 - 2017-11-26 08:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2017-12-12 16:31 - 2017-11-26 08:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-12-12 16:31 - 2017-11-26 08:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2017-12-12 16:31 - 2017-11-26 08:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2017-12-12 16:31 - 2017-11-26 08:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-12-12 16:31 - 2017-11-26 08:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2017-12-12 16:31 - 2017-11-26 08:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2017-12-12 16:31 - 2017-11-26 08:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-12-12 16:31 - 2017-11-26 08:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2017-12-12 16:31 - 2017-11-26 08:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2017-12-12 16:31 - 2017-11-26 08:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2017-12-12 16:31 - 2017-11-26 08:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2017-12-12 16:31 - 2017-11-26 07:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-12-12 16:31 - 2017-11-26 07:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-12-12 16:31 - 2017-11-26 07:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2017-12-12 16:31 - 2017-11-26 07:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-12-12 16:31 - 2017-11-26 07:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2017-12-12 16:31 - 2017-11-26 07:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
    2017-12-12 16:31 - 2017-11-26 07:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-12-12 16:31 - 2017-11-26 07:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2017-12-12 16:31 - 2017-11-26 07:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-12-12 16:31 - 2017-11-26 07:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-12-12 16:31 - 2017-11-26 07:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2017-12-12 16:31 - 2017-11-26 07:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2017-12-12 16:31 - 2017-11-26 07:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-12-12 16:31 - 2017-11-26 07:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
    2017-12-12 16:31 - 2017-11-26 07:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
    2017-12-12 16:31 - 2017-11-26 07:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
    2017-12-12 16:31 - 2017-11-26 07:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2017-12-12 16:31 - 2017-11-26 07:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
    2017-12-12 16:31 - 2017-11-26 07:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
    2017-12-12 16:31 - 2017-11-26 07:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-12-12 16:31 - 2017-11-26 07:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2017-12-12 16:31 - 2017-11-26 07:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2017-12-12 16:31 - 2017-11-26 07:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2017-12-12 16:31 - 2017-11-26 07:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
    2017-12-12 16:31 - 2017-11-26 07:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-12-12 16:31 - 2017-11-26 07:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2017-12-12 16:31 - 2017-11-26 07:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
    2017-12-12 16:31 - 2017-11-26 07:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2017-12-12 16:31 - 2017-11-26 07:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
    2017-12-12 16:31 - 2017-11-26 07:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2017-12-12 16:31 - 2017-11-26 07:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2017-12-12 16:31 - 2017-11-26 07:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2017-12-12 16:31 - 2017-11-26 07:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-12-12 16:31 - 2017-11-26 07:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
    2017-12-12 16:31 - 2017-11-26 07:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
    2017-12-12 16:31 - 2017-11-26 07:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2017-12-12 16:31 - 2017-11-26 07:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2017-12-12 16:31 - 2017-11-26 07:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-12-12 16:31 - 2017-11-26 07:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-12-12 16:31 - 2017-11-26 07:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2017-12-12 16:31 - 2017-11-26 07:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
    2017-12-12 16:31 - 2017-11-26 07:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2017-12-12 16:31 - 2017-11-26 07:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2017-12-12 16:31 - 2017-11-26 07:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2017-12-12 16:31 - 2017-11-26 07:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-12-12 16:31 - 2017-11-26 07:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-12-12 16:31 - 2017-11-26 07:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-12-12 16:31 - 2017-11-26 07:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-12-12 16:31 - 2017-11-26 07:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2017-12-12 16:31 - 2017-11-26 07:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-12-12 16:31 - 2017-11-26 07:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-12-12 16:31 - 2017-11-26 07:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-12-12 16:31 - 2017-11-26 06:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-12-12 16:31 - 2017-11-26 06:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2017-12-12 16:31 - 2017-11-26 06:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2017-12-12 16:31 - 2017-11-26 06:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
    2017-12-12 16:31 - 2017-11-26 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
    2017-12-12 16:31 - 2017-11-26 06:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
    2017-12-12 16:31 - 2017-11-26 06:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
    2017-12-12 16:31 - 2017-11-26 06:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2017-12-12 16:31 - 2017-11-26 06:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-12-12 16:31 - 2017-11-26 06:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
    2017-12-12 16:31 - 2017-11-26 06:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2017-12-12 16:31 - 2017-11-26 06:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
    2017-12-12 16:31 - 2017-11-26 06:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
    2017-12-12 16:31 - 2017-11-26 06:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2017-12-12 16:31 - 2017-11-26 06:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2017-12-12 16:31 - 2017-11-26 05:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2017-12-12 16:31 - 2017-11-26 05:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2017-12-12 16:31 - 2017-11-26 05:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2017-12-12 16:31 - 2017-11-26 05:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-12-12 16:31 - 2017-11-26 05:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2017-12-12 16:31 - 2017-11-26 05:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2017-12-12 16:31 - 2017-11-26 05:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-12-12 16:31 - 2017-11-26 05:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
    2017-12-12 16:31 - 2017-11-26 05:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2017-12-12 16:31 - 2017-11-26 05:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2017-12-12 16:31 - 2017-11-26 05:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2017-12-12 16:31 - 2017-11-26 05:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
    2017-12-12 16:31 - 2017-11-26 05:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2017-12-12 16:31 - 2017-11-26 05:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-12-12 16:31 - 2017-11-26 05:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-12-12 16:31 - 2017-11-26 05:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
    2017-12-12 16:31 - 2017-11-26 05:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-12-12 16:31 - 2017-11-26 05:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
    2017-12-12 16:31 - 2017-11-26 05:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
    2017-12-12 16:31 - 2017-11-26 05:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2017-12-12 16:31 - 2017-11-26 05:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
    2017-12-12 16:31 - 2017-11-26 05:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-12-12 16:31 - 2017-11-26 05:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2017-12-12 16:31 - 2017-11-26 05:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2017-12-12 16:31 - 2017-11-26 05:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-12-12 16:31 - 2017-11-26 05:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2017-12-12 16:31 - 2017-11-26 05:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-12-12 16:31 - 2017-11-26 05:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-12-12 16:31 - 2017-11-26 05:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
    2017-12-12 16:31 - 2017-11-26 05:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
    2017-12-12 16:31 - 2017-11-19 02:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
    2017-12-12 16:31 - 2017-11-18 21:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
    2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
    2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
    2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
    2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
    2017-12-02 19:41 - 2017-12-02 19:41 - 000000072 _____ C:\Users\Evan\Documents\eu4ideas.txt
    2017-12-01 16:01 - 2017-12-01 16:01 - 000000000 ____D C:\Users\Evan\Downloads\Scenario_Editor_0.9.1
    2017-12-01 16:00 - 2017-12-01 16:00 - 000297119 _____ C:\Users\Evan\Downloads\Scenario_Editor_0.9.1.zip
    2017-12-01 15:35 - 2017-12-01 15:35 - 000000000 ____D C:\Users\Evan\Downloads\Scenario_Editor_0.9.5
    2017-12-01 15:32 - 2017-12-01 15:33 - 000301941 _____ C:\Users\Evan\Downloads\Scenario_Editor_0.9.5.zip
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-12-27 12:31 - 2017-11-26 01:19 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{01B21D24-031A-4188-BA33-533CE41FA0CB}
    2017-12-27 12:29 - 2017-11-26 00:56 - 000000000 ____D C:\Users\Evan\AppData\Local\Packages
    2017-12-27 12:29 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-12-27 12:28 - 2017-11-26 00:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-12-26 22:32 - 2017-10-08 15:19 - 000000000 ____D C:\Program Files (x86)\RealRealSteam
    2017-12-26 22:32 - 2017-07-13 18:51 - 000000000 __SHD C:\Users\Evan\IntelGraphicsProfiles
    2017-12-26 22:31 - 2017-11-26 01:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-12-26 22:30 - 2017-11-26 00:55 - 000000000 ____D C:\Users\Evan
    2017-12-26 22:30 - 2017-09-29 03:45 - 024117248 _____ C:\WINDOWS\system32\config\HARDWARE
    2017-12-26 22:30 - 2017-09-29 03:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2017-12-26 21:05 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-12-26 21:01 - 2017-11-16 00:18 - 000000000 ___DC C:\WINDOWS\Panther
    2017-12-26 21:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-12-26 21:01 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
    2017-12-26 18:42 - 2017-08-05 15:08 - 000000000 ____D C:\Program Files (x86)\Google
    2017-12-26 18:23 - 2017-08-05 10:14 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job
    2017-12-26 12:01 - 2017-11-26 01:18 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEvan
    2017-12-25 21:15 - 2017-10-14 19:41 - 000000000 ____D C:\Program Files\RealLeague
    2017-12-25 21:05 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2017-12-25 20:25 - 2017-07-28 14:53 - 000000000 ____D C:\Users\Evan\AppData\Local\Battle.net
    2017-12-25 19:36 - 2017-07-28 14:54 - 000000000 ____D C:\Program Files (x86)\Blizzard App
    2017-12-25 11:09 - 2017-10-17 21:18 - 000000000 ____D C:\Program Files (x86)\Hearthstone
    2017-12-25 10:47 - 2017-03-22 23:09 - 000000000 ____D C:\ProgramData\SUPPORTDIR
    2017-12-25 10:47 - 2017-03-22 23:09 - 000000000 ____D C:\ProgramData\install_backup
    2017-12-25 10:47 - 2016-10-21 10:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-12-25 10:46 - 2017-03-22 23:12 - 000000000 ____D C:\ProgramData\CyberLink
    2017-12-25 10:43 - 2017-09-27 15:11 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Andy
    2017-12-25 10:40 - 2017-09-27 15:37 - 000000000 ____D C:\Users\Evan\AppData\Roaming\VMware
    2017-12-24 21:50 - 2017-10-08 10:14 - 000000000 ____D C:\Users\Evan\AppData\Roaming\TunnelBear
    2017-12-24 17:18 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\system
    2017-12-23 23:24 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
    2017-12-23 13:20 - 2017-09-03 15:04 - 000000000 ____D C:\Program Files (x86)\Arena
    2017-12-23 11:55 - 2017-07-15 10:32 - 000000000 ____D C:\Users\Evan\AppData\Roaming\discord
    2017-12-23 00:11 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-12-22 11:52 - 2017-07-15 10:31 - 000000000 ____D C:\Users\Evan\AppData\Local\Discord
    2017-12-22 11:50 - 2017-11-26 00:54 - 001047696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-12-22 11:47 - 2016-07-29 07:33 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-12-22 11:46 - 2017-11-26 09:38 - 000000000 ___RD C:\Users\Evan\3D Objects
    2017-12-22 11:43 - 2017-11-26 00:48 - 000269936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
    2017-12-22 11:40 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
    2017-12-22 11:40 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
    2017-12-19 03:41 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-12-19 03:38 - 2016-10-21 10:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-12-17 18:41 - 2016-10-21 10:50 - 000000000 ____D C:\ProgramData\Package Cache
    2017-12-12 16:41 - 2017-07-17 19:47 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-12-12 16:39 - 2017-10-10 18:19 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2017-12-12 16:38 - 2017-07-17 19:47 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-12-12 16:34 - 2017-09-29 08:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2017-12-12 16:34 - 2017-09-29 08:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-12-12 16:34 - 2017-09-29 08:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2017-12-12 16:33 - 2017-09-29 08:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2017-12-08 16:45 - 2017-11-26 01:19 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2198813628-2402096551-3996786398-1001
    2017-12-08 16:45 - 2017-07-13 18:55 - 000002371 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-12-08 16:45 - 2017-07-13 18:55 - 000000000 ___RD C:\Users\Evan\OneDrive
    2017-12-07 19:56 - 2017-11-26 03:44 - 000000000 ____D C:\Windows.old
    2017-12-01 16:04 - 2017-07-17 18:22 - 000000000 ____D C:\Users\Evan\Documents\My Games
    2017-11-29 16:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    C:\WINDOWS\system32\drivers\cgblorvy.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
    LastRegBack: 2017-12-17 15:15
    ==================== End of FRST.txt ============================
    Can't post addition here, too many characters.
     
    Last edited: Dec 27, 2017
  7. goodusername

    goodusername Thread Starter

    ----Addition.txt-----
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
    Ran by Evan (27-12-2017 12:38:29)
    Running from C:\Users\Evan\Downloads
    Windows 10 Home Version 1709 16299.125 (X64) (2017-11-26 06:23:29)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-2198813628-2402096551-3996786398-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2198813628-2402096551-3996786398-503 - Limited - Disabled)
    Evan (S-1-5-21-2198813628-2402096551-3996786398-1001 - Administrator - Enabled) => C:\Users\Evan
    Guest (S-1-5-21-2198813628-2402096551-3996786398-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-2198813628-2402096551-3996786398-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version: - )
    Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
    Barn Yarn Collector's Edition (HKLM-x32\...\WTA-018150a6-0d9b-4ea1-8a0e-7f26ca8bd492) (Version: 3.0.2.48 - WildTangent) Hidden
    Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
    Delete Doctor 2.3 (HKLM-x32\...\Delete Doctor) (Version: 2.3 - )
    Discord (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
    Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    EMCO MoveOnBoot 3.0 (HKLM\...\{AB85FE65-1E44-43FF-BE2A-CA2811EAB7CF}) (Version: 3.0.1.3569 - EMCO Software)
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    FreeMouseAutoClicker 3.8.3 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version: - Advanced Mouse Auto Clicker ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
    HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
    HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
    HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
    HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.5.37.19 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{C85AC2ED-2305-4137-A8BA-CC628F635C82}) (Version: 12.8.47.1 - HP Inc.)
    HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
    HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
    Intel(R) Chipset Device Software (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
    Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
    League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
    League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
    Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-8e53addf-f209-4ed7-94b6-52317cac87d9) (Version: 3.0.2.118 - WildTangent) Hidden
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.1.250.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mystika 2 (HKLM-x32\...\WTA-012ad41f-4cb0-410d-93fe-cce0c10c4ca7) (Version: 1.1.2.4 - WildTangent) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
    Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
    Roblox Player for Evan (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
    Runefall (HKLM-x32\...\WTA-1e75b8cf-14bf-48bc-abc5-1158fa9fd873) (Version: 3.0.2.126 - WildTangent) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
    Sparkle 2 (HKLM-x32\...\WTA-2d2ef3dd-0b0d-41bf-bbac-6382ff10fe81) (Version: 3.0.2.51 - WildTangent) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
    TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
    Transmission 2.92 (14714) (x64) (HKLM\...\{E2B281FA-6236-4F0D-B710-ECDB6B60EB5E}) (Version: 2.92.0 - Transmission Project)
    TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
    TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2017-12-25] ()
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\mcafee\msc\MCCTXM~1.DLL [2017-09-25] (McAfee, Inc.)
    ContextMenuHandlers1-x32: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => C:\Program Files (x86)\UnZipper\UnZipper.dll [2015-11-04] (Tightrope Interactive)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers4-x32: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => C:\Program Files (x86)\UnZipper\UnZipper.dll [2015-11-04] (Tightrope Interactive)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxDTCM.dll [2016-12-06] (Intel Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2017-12-25] ()
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\mcafee\msc\MCCTXM~1.DLL [2017-09-25] (McAfee, Inc.)
    ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0AA62996-B05B-43A2-86DB-AD9A3E13137D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-09-15] (Microsoft Corporation)
    Task: {0F606C80-D9C9-433F-8CB8-171223121E9A} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
    Task: {127A0E5E-D23D-42CE-B756-CBC781ECF0FA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
    Task: {2F0999DD-65C2-43E8-ADA0-678ED4B1CA5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {3584E511-1922-4D3E-B9DD-58B54F7CACE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
    Task: {35D8B312-D4EC-4537-A73D-06B846316DC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-09-15] (Microsoft)
    Task: {4EE09D7F-3B5A-4D5F-8E5A-72956D2F2F1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
    Task: {4FFFB024-1484-4C78-84ED-779162CC0D8A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-09-15] (Microsoft Corporation)
    Task: {54FD613E-45C7-4C5A-8110-BF733BC61A84} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {5796304F-C61A-4285-8DC9-4722DC4C89D5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
    Task: {5A06073C-86F6-4CA1-849C-8B89D71B42EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
    Task: {5C259217-6B0D-42B2-BAB9-9B360EC4322D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
    Task: {5CC03239-AFC8-4C89-B33A-ECB7B60BC068} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
    Task: {67D67830-8272-4419-8804-E32B3B96AA61} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-09-15] (Microsoft)
    Task: {6C7A5DB7-DD8B-485E-A01A-AD17DA20E28D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
    Task: {7E78CD9E-FBF1-4FFA-A8F4-7C30BC89AD76} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
    Task: {7E849641-F26C-432F-8CF6-4877984BD351} - System32\Tasks\Opera scheduled Autoupdate 1514221558 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
    Task: {82B51764-1F96-4E1C-8CE1-AE1E52F6F7D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {8B9FB1E1-D099-4E35-8C4F-0660251DF4F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
    Task: {970C5E79-FE2A-403F-A793-DB1C9B83C0FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN6A83Q5Q9 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
    Task: {9D00B49A-65C7-40DC-8A70-8087D23F29BA} - System32\Tasks\HPCeeScheduleForEvan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
    Task: {9D3298BC-607E-4E5D-9FAA-E56F9C097B87} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-13] (Dropbox, Inc.)
    Task: {A16EC950-3D91-4AB2-B206-90A6DE4A43D2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-09-15] (Microsoft Corporation)
    Task: {A18229D4-977F-4DF5-9BF8-DDA031842F1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {A3749D4A-723E-4059-9CA9-7A70B2CA37D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {A9CC5C6F-1F90-4419-A7C4-688805362380} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {ACD8237C-2838-4D53-9180-738DA7D6324D} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {B5108366-8767-4EE0-9810-5CF91E7776C8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-05-30] (McAfee, Inc.)
    Task: {B85B22DC-C87F-4AD2-BC01-AF2864F4B2C8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {BD0DD682-4AE9-47CE-BE90-E66E70405D61} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-10-05] (McAfee, Inc.)
    Task: {C5BE5C07-4157-41FD-9D5C-901F90C6D19E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
    Task: {CC6A7E62-F548-4330-8797-C88187583F43} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-24] ()
    Task: {DABC5DFB-0B49-4609-8176-F8B1584D1D06} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
    Task: {DB1F3488-7081-4E4F-AD3A-DF7775FAEFDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {DF17BCD0-79CE-48A7-8064-21E479A33566} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
    Task: {E382FE72-F6B3-4BFB-B627-42249612CD2C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {E66D4C7C-D6CE-4A5A-8FF3-5E2DF8DCB1E9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-09-15] (Microsoft Corporation)
    Task: {E97B3EAD-25EE-4CC9-B9B1-FDD0E261235C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {EBA79248-EF6B-49E1-B8F7-A3CDA5153764} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {EFA4C9E8-B8CB-4674-9027-76CB418DAEE8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-13] (Dropbox, Inc.)
    Task: {FA3A5129-58ED-4AE7-95C3-1214E0C3B3DF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
    ==================== Loaded Modules (Whitelisted) ==============
    2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-10-03 10:56 - 2017-10-03 10:56 - 000764216 _____ () C:\ProgramData\CsHelper\CsHelper.exe
    2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
    2017-09-25 17:30 - 2017-09-25 11:48 - 001436400 _____ () C:\Program Files\McAfee\MSC\WscInteractionHandler.dll
    2017-12-26 22:23 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2010-07-14 23:44 - 2010-07-14 23:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2017-12-25 16:20 - 2017-12-25 16:21 - 000155504 _____ () C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll
    2017-07-17 12:58 - 2017-08-11 13:08 - 000595608 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
    2017-07-17 12:58 - 2017-08-11 13:08 - 000586728 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
    2017-12-12 16:31 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-12-12 16:31 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-12-11 13:51 - 2017-12-11 13:51 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-12-11 13:51 - 2017-12-11 13:51 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-12-11 13:51 - 2017-12-11 13:51 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-12-11 13:51 - 2017-12-11 13:51 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-12-26 21:05 - 2017-12-26 21:05 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
    2017-12-06 15:26 - 2017-12-06 15:26 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-11-01 14:58 - 2017-11-01 14:59 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2017-12-06 15:27 - 2017-12-06 15:28 - 001231528 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
    2017-12-08 16:44 - 2017-12-08 16:44 - 000102088 _____ () C:\Users\Evan\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
    2017-12-22 11:52 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Evan\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
    2017-12-23 11:54 - 2017-12-23 11:54 - 001886712 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
    2017-12-23 11:54 - 2017-12-23 11:54 - 001773560 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
    2017-12-22 11:52 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Evan\AppData\Local\Discord\app-0.0.299\libglesv2.dll
    2017-12-22 11:52 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Evan\AppData\Local\Discord\app-0.0.299\libegl.dll
    2017-12-23 11:54 - 2017-12-23 11:54 - 009802232 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
    2017-12-23 11:54 - 2017-12-23 11:54 - 001505784 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
    2017-12-23 11:54 - 2017-12-23 11:54 - 000513016 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
    2017-12-23 11:54 - 2017-12-23 11:54 - 002662904 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
    2017-12-23 11:54 - 2017-12-23 11:54 - 001517048 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
    2017-12-23 11:55 - 2017-12-23 11:55 - 002749944 _____ () \\?\C:\Users\Evan\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
    2017-12-26 18:42 - 2017-12-13 21:21 - 003062104 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
    2017-12-26 18:42 - 2017-12-13 21:21 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
    2017-12-23 22:54 - 2017-12-23 22:54 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\826c0bba7fa6fd5f6412c14023f2f65a\BRIDGECommon.ni.dll
    2017-12-23 22:55 - 2017-12-23 22:55 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\46bf26c73aaace1a20685b9eba5cfb24\CleanStartController.ni.dll
    2017-12-23 22:55 - 2017-12-23 22:55 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\0b248689a672f398869cc1b8186f0453\BridgeExtension.ni.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evan\Pictures\capybara-unusual-animal-friendship-fb__700-png (1).jpg
    DNS Servers: 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{C6BCD309-4BD0-48DF-B1F3-48D5BBDBF131}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Europa Universalis IV\eu4.exe
    FirewallRules: [{03120D6A-EA50-451D-953B-54527D6B36C9}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Europa Universalis IV\eu4.exe
    FirewallRules: [{43C37F40-FC44-4C67-8D63-BEB71852B043}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Eternal Card Game\Eternal.exe
    FirewallRules: [{D88F1A4C-FADD-4FC9-8828-2C847BB729C8}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Eternal Card Game\Eternal.exe
    FirewallRules: [{D0D66E8A-BA84-4EB0-B0A3-64041A0C164B}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{B45C717E-9A46-41ED-8359-F7BDA416A5CD}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{F97EB3BE-A6DD-4159-B2FD-93CFEB4B0C44}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned_BE.exe
    FirewallRules: [{9713DD79-AC54-4B5E-97BA-F0A1A34FE6BC}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned_BE.exe
    FirewallRules: [{7D2C2E68-73BE-48BF-9266-754B69D2071F}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{52BC5E9B-4315-43DB-9343-AAF6817A16F7}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{B0FEC6AD-A296-48FC-AE18-947B589A425E}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{36CEAA1C-3BC8-4F6F-8EA3-02548308ACB4}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{46799E6F-2054-4A03-8C49-1B2AC6936F1C}] => (Allow) C:\Program Files (x86)\RealRealSteam\Steam.exe
    FirewallRules: [{AD88F79B-262B-4CD4-8FAD-DC43615EE0D1}] => (Allow) C:\Program Files (x86)\RealRealSteam\Steam.exe
    FirewallRules: [{8A4073BE-FBB5-4058-9178-1CC06472943A}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
    FirewallRules: [{92EE95A9-5DD2-44BD-8EDE-2165DBBC44DA}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
    FirewallRules: [{A7EB181F-B7EF-46CD-BF06-FEE7C726CA47}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
    FirewallRules: [{B526E05A-3FF5-4056-A0D5-0B2ADA796A7F}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
    FirewallRules: [{85065E44-E651-4F3A-BB52-AA991B9AA274}] => (Allow) C:\Users\Evan\AppData\Local\Temp\RemoveTemp.exe
    FirewallRules: [{063210C7-00D0-4022-80F3-3CA7E1004990}] => (Allow) C:\Users\Evan\AppData\Local\Temp\RemoveTemp.exe
    FirewallRules: [{A5444AC2-CB00-48E7-829C-FB824C7BBBCD}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{B16B24DF-7950-4EA7-AB3E-77560382D53B}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{AB69F460-25FF-4056-BD28-C55DCC88AB88}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{298991E8-4B59-4CFC-A614-A9AB1252EB58}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{C5EDAEE2-57EF-4DDA-A085-09C25FD1D996}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{5919B9FC-55CC-42A3-85E4-047D1B1F8034}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{11A0A9E4-CEF8-4328-8C95-B7ABF2F9DA96}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{A41E0804-0FCE-4E84-9C55-B141199D7B88}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{917F8134-6C56-4F2D-AAED-662D6CE5158C}] => (Allow) C:\Users\Evan\AppData\Local\Temp\andy-x64\Setup.exe
    FirewallRules: [{94144A2B-0452-45E0-8492-5A727AB22EF8}] => (Allow) C:\Users\Evan\AppData\Local\Temp\andy-x64\Setup.exe
    FirewallRules: [{EB9A15AF-434F-4AF7-90EF-431E7AA18CC0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{756FE586-2876-42B9-93F6-2C7A4B3664FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{225E018E-61BE-487D-935C-00F9B396EBFF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6147C958-1DBC-4675-975A-432DE6AC796B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{A33967E9-0948-4F07-A9BC-754EE23E6D65}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{F69AC16C-2530-4216-9B21-01772930AED9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
    FirewallRules: [{92FA85FF-A0DC-4B6F-8809-1A7379BCA967}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
    FirewallRules: [{2E5D7AC8-1B3E-4246-85B6-FC5352123E18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
    FirewallRules: [{5684BCE4-A842-477B-872C-8ABE7305D92E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
    FirewallRules: [{A463ED7C-3625-4E31-A210-658BFAAD72CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Great War\MHTGW.exe
    FirewallRules: [{5468A2E5-8E48-4810-B27B-3EDFF84181F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Great War\MHTGW.exe
    FirewallRules: [{79937C09-875B-49CF-B2DF-B6B0A0E2AF15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{9CD51942-E340-46FA-8DE2-407DDF54498C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{01504BC4-9F3A-483C-867D-2AF14F32A711}] => (Allow) C:\Program Files (x86)\RealSteam\Steam.exe
    FirewallRules: [{49D1963C-706A-4C77-A657-0D72BAC9112E}] => (Allow) C:\Program Files (x86)\RealSteam\Steam.exe
    FirewallRules: [{92905656-0DEE-421A-A095-2EAFED969724}] => (Allow) C:\Program Files (x86)\RealSteam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{F67F477F-7E86-4CED-88EE-2B2A6E16CBFB}] => (Allow) C:\Program Files (x86)\RealSteam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{B5BB2489-1369-46ED-B5D7-5034C4E75008}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{D80E069D-E86D-49D3-82C5-14E3A7342629}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{86D4A1D2-75EE-4B2C-89E0-3D79C5A45F38}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\The Great War\MHTGW.exe
    FirewallRules: [{98FE66D7-3718-46CF-9381-35972FA32813}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\The Great War\MHTGW.exe
    FirewallRules: [{E40CB4CB-4A2A-401C-9457-59E34B745C8F}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{E46FDF5B-3489-4795-AB66-3E44CE5752E9}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{A5A91B27-91C7-4155-93A3-3E957F2E2109}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Solarium\Solarium.exe
    FirewallRules: [{9B823932-522E-4693-8563-4B199A72ADE1}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Solarium\Solarium.exe
    FirewallRules: [{E56212F5-9BF1-4141-8039-90CB7963B102}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{2B0A9BD2-299C-45DE-A53A-FC6420B0DF7A}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{47B4E1F8-B243-4911-8D06-BA995B66358D}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
    FirewallRules: [{1E6B5AC3-7FBE-4780-8C6E-5F955ED05F0D}] => (Allow) LPort=13148
    FirewallRules: [{13A97FC5-54E9-4715-A427-E00B40E82E83}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Defcon\Defcon.exe
    FirewallRules: [{480A7C92-39CB-408A-B985-3A1DCDB8F840}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Defcon\Defcon.exe
    FirewallRules: [{2B7E38DB-2E8A-4C6A-B788-7D810B441410}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Unturned\Unturned_BE.exe
    FirewallRules: [{DC97A0A6-BE23-4AF2-BFB8-C3373649BF29}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Unturned\Unturned_BE.exe
    FirewallRules: [{58A91DAF-B46F-4CFF-8C29-3CC414F74241}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{1BB5CF26-6549-4E49-A770-79C06ED41C7F}] => (Allow) C:\Program Files (x86)\RealSteam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{22BCF977-4D11-4114-846B-B571F5DEE327}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{D2F94D59-4ED0-4188-A8C3-A258CBD42AE5}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\The Great War\MHTGW.exe
    FirewallRules: [{CBBB4416-47CE-434C-9777-4A2EB1867A93}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\The Great War\MHTGW.exe
    FirewallRules: [{F44EEE79-B00B-48CD-8DC2-BDE343BB1AAB}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
    FirewallRules: [{FCAA99A6-E69F-432A-9A91-4221A2CB81FE}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
    FirewallRules: [TCP Query User{C20BCE66-C32F-4EE7-8238-E1E945B01328}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{1243EEB5-8AEA-4CA2-9C8A-AB10A23200E4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [TCP Query User{E6378CFB-1205-4ABB-B029-C7AFCB09BE38}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
    FirewallRules: [UDP Query User{F8D6A6A9-8EFD-45C5-8812-B249F10E084E}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
    FirewallRules: [{FDB1A86F-935D-4AAA-B72A-72411B7B8FFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{90683AE6-A8E0-4083-8004-CD270174D7B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{5737B5DA-B0DB-4C45-AB86-55645DFB0307}] => (Allow) C:\Program Files\Opera\49.0.2725.64\opera.exe
    FirewallRules: [TCP Query User{BAF63F8C-E6C1-4020-8111-B44BCF6583B9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{DA6F5706-FB8E-4BCA-90F9-38289C50CF14}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
    ==================== Restore Points =========================
    22-12-2017 15:49:30 Windows Modules Installer
    24-12-2017 17:01:20 Installed Transmission 2.92 (14714) (x64)
    26-12-2017 21:05:25 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    ==================== Faulty Device Manager Devices =============
    Name: TunnelBear Adapter V9
    Description: TunnelBear Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TunnelBear Provider V9
    Service: tap-tb-0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (12/27/2017 12:28:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.Photos.exe, version: 2017.39101.16720.0, time stamp: 0x5a2aef80
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
    Exception code: 0xc000027b
    Fault offset: 0x0000000000489f7d
    Faulting process id: 0x504
    Faulting application start time: 0x01d37f3815782b6b
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: 5b880362-ff3e-4dae-afd9-fb389ac91e5e
    Faulting package full name: Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Error: (12/27/2017 12:28:25 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: LAPTOP-9VM6RJTH)
    Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147024893
    Error: (12/27/2017 12:28:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: LAPTOP-9VM6RJTH)
    Description: C:\Users\Evan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalStateMicrosoft.Windows.Photos_8wekyb3d8bbwe-2147024894
    Error: (12/27/2017 12:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 42959938
    Error: (12/27/2017 12:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 42959938
    Error: (12/27/2017 12:28:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (12/27/2017 12:28:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 42958406
    Error: (12/27/2017 12:28:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 42958406
    Error: (12/27/2017 12:28:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (12/27/2017 12:28:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 42957219
    System errors:
    =============
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    Error: (12/27/2017 12:36:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk0\DR0.
    CodeIntegrity:
    ===================================
    Date: 2017-12-27 12:31:17.286
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:31:17.284
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:29:06.378
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:29:06.377
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:28:49.934
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:28:49.933
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:28:31.148
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:28:31.146
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:28:25.795
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    Date: 2017-12-27 12:28:25.793
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
    Percentage of memory in use: 73%
    Total physical RAM: 8107.91 MB
    Available physical RAM: 2128.25 MB
    Total Virtual: 10411.91 MB
    Available Virtual: 3399.45 MB
    ==================== Drives ================================
    Drive c: (Windows) (Fixed) (Total:916.59 GB) (Free:815.31 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:13.69 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: DEFADD61)
    Partition: GPT.
    ==================== End of Addition.txt ============================
    One thing I see it's worried about is "Cshelper.exe" which I'm sure is bad for the computer. A Google search confirms it, and before, a different malware removal program I tried kept trying to stop it.
     
    Last edited: Dec 27, 2017
  8. goodusername

    goodusername Thread Starter

    Joined:
    Dec 25, 2017
    Messages:
    8
    Just an update, my computer is still more sluggish than it was before the virus (pretty sure it's not placebo).
     
  9. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    68
    Thanks for uploading your logs. Give me a bit to analyze them, and I'll post back with further instructions.

    Sent from my SM-G935V using Tapatalk
     
  10. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    68
    Almost finished, my friend. I'm about to send over my fix to my instructor and I will get back to you. Initially, I do not see anything that stands out to me that is malware related, just a few formalities. I would like to see the logs that Malwarebytes and AdwCleaner created, but I will ask for those in a future post. Sometimes the logs they create can be difficult to find ;).

    How does your computer seem to be performing now? Still sluggish?
     
  11. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    68
    Hi goodusername,

    Did you manually set a Firewall rule on port 13148?

    For the following steps you will need:
    • a clean computer - malware free
    • a USB flash drive

    Step 1 of 3: Immunize USB Flash Drive

    For this step, you will need an empty USB Flash Drive. Almost any size will do. We are first going to immunize the drive from being able to run anything automatically to prevent the transfer of any malware to another computer.
    • From a known clean computer, please download USB Immunizer. The download button is green and is located on the right-hand side of the page.
    • Plug your USB Flash Drive into the clean computer.
    • Now run the Bitdefender USB Immunizer tool.
    • Accept the license agreement.
    • Click on the Red USB icon that corresponds to the USB drive you are going to use on the other computer.
    • The tool will run automatically.
    • The icon will turn Green to let you know it's been immunized.
      Note: you may see an advertisement for Bitdefender products that you may close.

    Step 2 of 3: Download FRST and Transfer to Flash Drive
    Still on the clean computer, please download Farbar Recovery Scan Tool and save it to your newly immunized USB Flash Drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. (You will need the 64-bit version it seems.)

    Eject the USB Drive from the clean machine - do NOT plug into the infected machine yet.

    Step 3 of 3: FRST - Recovery Environment - Infected Computer

    Boot in the Recovery Environment
    • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

    Insert the USB Flash Drive into the infected machine.

    Once in the command prompt
    • In the command prompt, type notepad and press on Enter
    • Notepad will open. Click on the File menu and select Open
    • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
    • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
    • Note: Replace the letter e with the drive letter of your USB Flash Drive
    • FRST will open
    • Click on Yes to accept the disclaimer
    • Click on the Scan button and wait for the scan to complete
    • It will make a log - FRST.txt on the flash drive.
    • Close FRST and the Command Prompt
    • Click Continue to return to Normal Mode
    • When your computer is running in Normal Mode, locate the FRST.txt file on the USB drive and Copy and Paste the contents in your next reply


    ===============================================

    When you reply to me, I need to see:
    • Any questions/concerns you might have, or if you were not able to complete any of the steps above
    • The answer to my Firewall rule - Port 13148 question
    • The copied and pasted results of the FRST.txt log
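
Added example (not part of the original post, and not FRST's own code): a small Python triage of the `FirewallRules:` lines in the Addition.txt log above. It flags the kind of entry the port 13148 question is about, an allow rule bound to a port with no program, plus allow rules whose program sits in a user Temp directory. The function names and the two flag categories are assumptions of this example; a flag is a prompt to ask the machine's owner, not a verdict.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Matches the three FirewallRules line shapes that appear in the log:
#   [{GUID}] => (Allow) C:\path\app.exe
#   [{GUID}] => (Allow) LPort=13148
#   [TCP Query User{GUID}C:\path\app.exe] => (Allow) C:\path\app.exe
RULE_RE = re.compile(
    r"^\s*FirewallRules: \[(?P<name>.+?)\] => \((?P<action>\w+)\) (?P<target>.+?)\s*$"
)


class Finding(NamedTuple):
    reason: str      # "port-only" or "temp-path" (categories chosen for this example)
    target: str      # what the rule allows: a program path or an LPort= value
    rule_name: str   # text between the square brackets


# Lines copied from the Addition.txt log posted in this thread.
SAMPLE = r"""
FirewallRules: [{85065E44-E651-4F3A-BB52-AA991B9AA274}] => (Allow) C:\Users\Evan\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{917F8134-6C56-4F2D-AAED-662D6CE5158C}] => (Allow) C:\Users\Evan\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{47B4E1F8-B243-4911-8D06-BA995B66358D}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{1E6B5AC3-7FBE-4780-8C6E-5F955ED05F0D}] => (Allow) LPort=13148
FirewallRules: [TCP Query User{C20BCE66-C32F-4EE7-8238-E1E945B01328}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{FDB1A86F-935D-4AAA-B72A-72411B7B8FFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""


def triage(log_text):
    """Return a Finding for every allow rule that deserves a question."""
    findings = []
    for line in log_text.splitlines():
        m = RULE_RE.match(line)
        if not m or m["action"].lower() != "allow":
            continue  # not a firewall rule line, or not an allow rule
        target = m["target"]
        lowered = target.lower()
        if lowered.startswith("lport="):
            # No executable is named, so any process listening on this
            # port is covered by the rule.
            findings.append(Finding("port-only", target, m["name"]))
        elif "\\appdata\\local\\temp\\" in lowered:
            # Temp is writable by the user and normally holds installers
            # that should not need a standing firewall exception.
            findings.append(Finding("temp-path", target, m["name"]))
    return findings


def summarize(findings):
    """Group flagged targets by reason, dropping duplicate targets."""
    grouped = defaultdict(list)
    for f in findings:
        if f.target not in grouped[f.reason]:
            grouped[f.reason].append(f.target)
    return dict(grouped)


if __name__ == "__main__":
    for reason, targets in summarize(triage(SAMPLE)).items():
        print(reason)
        for t in targets:
            print("   ", t)
```
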
     
  12. goodusername

    goodusername Thread Starter

    Joined:
    Dec 25, 2017
    Messages:
    8
    The USB Immunizer program won't open. It simply asks for my permission to run it since it's from an unidentified developer. I click yes and nothing happens. I've downloaded it twice and tried both exe's. Neither work.
     
  13. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    68
    Please move ahead to Step 2 :), and remember that Step 2 is working with a malware free computer - not the computer you had initially posted about.
     
  14. goodusername

    goodusername Thread Starter

    Joined:
    Dec 25, 2017
    Messages:
    8
    Sorry, I'm not going to do this. I don't have easy access to another computer so it would take me a while anyway and I'm just not putting more effort into a problem that is fixed. Say what you will, there may be residue, but as of yet I've had no problems recently. If someday it bites back and it turns out it has been sitting there and messing things up, I'll use this site.
    I'm going to run the command prompt 'sfc /scannow' command though to check if any files are messed up.
     
    Last edited: Jan 1, 2018
  15. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    68
    Okay, no problem. That's completely up to you, but please be aware that the main driver for this type of infection is still on your machine. I will consider this thread closed.

    Sent from my SM-G935V using Tapatalk
     

Short URL to this thread: https://techguy.org/1201723
