View Full Version : I need help, I do not know what to do about this possible malware/rookit
kenanmp7
2017-12-21, 07:54
So first off I don't know anything about anything and have just been following instructions from random articles on how to remove malware/rookits.
It first started when I wasn't able to open up chrome, which led me to try and open task manager to end it but when I tried to open task manager it didn't let me, some .exe error thing popped up. I didn't think much of it and just went on to use the edge browser but since then the situation has gotten worse. I can't open up most files, like videos, pictures, etc I just get a class not registered error. the windows button and search bar in the bottom left corner are unresponsive and I can't access any settings, I get a message saying "this file does not have a program associated with it" I can't open any command prompt or whatever else most articles were saying to do. While I still had access to the Edge browser I tried to download Malwarebytes but it didn't let me install it, another .exe error or something. Next I decided to just say screw it and format my pc, since I couldn't access the windows button I had to do the hold shift and click restart method. Sadly the formatting process failed, I assume whatever my pc has is preventing me from doing so, I tried 3 more times but still nothing. So what I did after was booting my pc into safe mode with networking. I managed to look through my files and find internet explorer, the only browser that still works. With it I downloaded Rkill and it did it's thing which then let me download Malwarebytes, but Malwarebytes found 0 threats. I tried TDSSkiller next, nothing. So now here I am trying SpyBot. I ran a deep scan for rookits and some hklm registry keys popped up and I'm not sure whether to deleted them or not. If I need to provide any additional information I will, just please help me get rid of this thing.
Edit
The malware forum's FAQ: http://forums.spybot.info/showthread.php?t=288
I don't know what I did wrong with my post for the fyi but if I was missing information needed here it is I think. Somebody please just help or tell me how to post to get proper help because after reading the faq I have no idea what I did wrong.
// info: Rootkit removal help file
// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\0BE7365E4CF77E116BD159EB7595E4CA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF0A13FDF61E754587.TMP"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF0BDC3D8264C2C3D4.TMP"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF55BFE0012B9E915A.TMP"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF6B58BAB04CBB3235.TMP"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF6BFCBAFF39288B9A.TMP"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF712992F7C36790AB.TMP"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF8A0B930BEB0DF89E.TMP"
File:"Unknown ADS","C:\ProgramData\Intel\Wireless\Settings:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\AlphaConsole:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Video Win Movie Maker:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Steam\steamapps\common\rocketleague:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Bluetooth:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\WiFi\bin:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\AMD\CNext\CCCSlim:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Help:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\VEGAS\VEGAS Pro 15.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Malwarebytes\Anti-Malware:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\WiFi:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\Intel\WirelessCommon:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CIM:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\PRW:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CNext\CNBranding:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CNext\CNext:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CNext\CNext\ffmpeg:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CIM\BIN64:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
If in normal mode you cannot download the below tool, boot pc into safe mode with networking
http://i.imgur.com/iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
Download the right version of FRST for your system:
FRST 32-bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/)
FRST 64-bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/)
Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
Move the executable (FRST.exe or FRST64.exe) on your Desktop
Right-click on the executable and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
Make sure the Addition.txt box is checked
Click on the Scan button
http://i.imgur.com/KSJwAxg.png
On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
Copy and paste the content of both FRST.txt and Addition.txt in your next reply
created by Aura
kenanmp7
2017-12-21, 13:22
Thank you for the response, here ya go
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by kenan (administrator) on DESKTOP-8UJQ7IU (21-12-2017 06:15:00)
Running from C:\Users\kenan\AppData\Local\Microsoft\Windows\INetCache\IE\C16OIGDH
Loaded Profiles: kenan (Available Profiles: kenan)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198592 2017-02-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\VideoConverterFree\BrowserPlugInHelper.exe [410472 2012-09-28] (Wondershare Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\kenan\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Spotify] => C:\Users\kenan\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-15] (Spotify Ltd)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-11-09] (Nota Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1548680 2017-11-02] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [GoogleChromeAutoLaunch_E1F3A522677C32194697682E35E41970] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Spotify Web Helper] => C:\Users\kenan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-15] (Spotify Ltd)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 162.150.8.37 162.150.21.37
Tcpip\..\Interfaces\{59617933-9a0e-4989-a0b4-e0af5c9e7167}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9c020dea-8882-4312-ae78-a59e16a24d73}: [DhcpNameServer] 162.150.8.37 162.150.21.37
Internet Explorer:
==================
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> DefaultScope {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL =
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL =
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-12-18] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll [2012-09-28] (Wondershare Software Co., Ltd.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: (Wondershare Video Converter Ultimate) - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2017-10-19] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-12-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
CHR Extension: (Slides) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-02]
CHR Extension: (YouTube) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-02]
CHR Extension: (Steam Inventory Helper) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-12-14]
CHR Extension: (Sheets) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-02]
CHR Extension: (AdBlock) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-02]
CHR Extension: (Gmail) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-02] (AMD)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-06] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-06] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
S2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-03-31] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-04-01] (Advanced Micro Devices, Inc)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
S3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-02] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-02] (Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-12] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [113160 2016-11-04] (Intel Corporation)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [253696 2017-01-13] (Intel Corporation)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-20] (Malwarebytes)
S1 MpKsl2af69dc9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{370E15E5-C8FE-460B-94F8-F56BED5592B2}\MpKsl2af69dc9.sys [58120 2017-12-20] () [File not signed]
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-06] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-06] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-06] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-21 06:14 - 2017-12-21 06:15 - 000000000 ____D C:\FRST
2017-12-20 23:46 - 2017-12-20 23:46 - 000000000 ____D C:\Users\kenan\Documents\ProcAlyzer Dumps
2017-12-20 23:44 - 2017-12-20 23:44 - 000004246 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2017-12-20 23:40 - 2017-12-20 23:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-20 19:20 - 2017-12-20 19:20 - 000000000 ____D C:\$Windows.~BT
2017-12-20 19:17 - 2017-12-20 19:22 - 000000000 ___HD C:\$SysReset
2017-12-20 05:57 - 2017-12-20 14:52 - 000524472 _____ C:\TDSSKiller.3.1.0.15_20.12.2017_05.57.03_log.txt
2017-12-20 05:53 - 2017-12-20 05:53 - 000000000 ____D C:\Users\kenan\AppData\Local\ElevatedDiagnostics
2017-12-20 05:11 - 2017-12-20 17:03 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-20 05:11 - 2017-12-20 05:12 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-12-20 05:11 - 2017-12-20 05:11 - 000001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-12-20 05:11 - 2017-12-20 05:11 - 000001455 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-12-20 05:11 - 2017-12-20 05:11 - 000000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-12-20 05:11 - 2017-12-20 05:11 - 000000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-12-20 05:11 - 2017-12-20 05:11 - 000000458 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-12-20 05:11 - 2017-12-20 05:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-12-20 05:11 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-12-20 04:45 - 2017-12-20 23:40 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-20 04:45 - 2017-12-20 04:45 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-20 04:45 - 2017-12-20 04:45 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-20 04:45 - 2017-12-20 04:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-20 04:45 - 2017-12-20 04:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-20 04:45 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-20 04:42 - 2017-12-20 17:53 - 000001896 _____ C:\Users\kenan\Desktop\Rkill.txt
2017-12-20 03:52 - 2017-12-20 23:41 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-20 03:51 - 2017-12-20 23:50 - 001153536 _____ C:\WINDOWS\ntbtlog.txt
2017-12-20 00:32 - 2017-12-20 00:32 - 933034737 _____ C:\WINDOWS\MEMORY.DMP
2017-12-20 00:32 - 2017-12-20 00:32 - 001227084 _____ C:\WINDOWS\Minidump\122017-23625-01.dmp
2017-12-19 05:20 - 2017-12-19 05:20 - 000000000 __SHD C:\found.011
2017-12-19 05:20 - 2017-12-19 05:20 - 000000000 __SHD C:\found.010
2017-12-19 05:20 - 2017-12-19 05:20 - 000000000 __SHD C:\found.009
2017-12-18 17:57 - 2017-12-18 17:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-12-16 12:17 - 2017-12-20 17:11 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4146EC12-38C2-4FFA-80C8-83B6CE2D9A04}
2017-12-13 10:04 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-13 10:04 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 09:55 - 2017-12-13 09:55 - 000000072 ___SH C:\bootTel.dat
2017-12-12 07:18 - 2017-12-12 07:18 - 000000000 __SHD C:\found.008
2017-12-12 07:18 - 2017-12-12 07:18 - 000000000 __SHD C:\found.007
2017-12-12 07:18 - 2017-12-12 07:18 - 000000000 __SHD C:\found.006
2017-12-12 01:40 - 2017-12-12 01:44 - 000008674 _____ C:\Users\kenan\Documents\preview.wlmp
2017-12-09 01:39 - 2017-12-18 06:27 - 000065311 _____ C:\Users\kenan\Documents\m2boi.wlmp
2017-12-07 23:56 - 2017-12-08 00:52 - 1253925746 _____ C:\Users\kenan\Documents\The montage.mp4
2017-12-07 07:55 - 2017-12-07 07:55 - 000000000 __SHD C:\found.000
2017-12-05 16:36 - 2017-12-05 22:56 - 000095401 _____ C:\Users\kenan\Documents\kkill me3.wlmp
2017-12-05 16:16 - 2017-12-05 16:36 - 000096383 _____ C:\Users\kenan\Documents\kkill me 2.wlmp
2017-12-03 23:50 - 2017-12-03 23:50 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:50 - 2017-12-03 23:50 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-02 11:14 - 2017-12-02 11:14 - 000000000 ____D C:\found.005
2017-12-02 11:14 - 2017-12-02 11:14 - 000000000 ____D C:\found.002
2017-12-01 20:31 - 2017-12-01 21:26 - 671787453 _____ C:\Users\kenan\Documents\do dis look bettar.mp4
2017-11-30 22:32 - 2017-12-01 20:22 - 026023594 _____ C:\Users\kenan\Documents\Untitled.mp4
2017-11-30 22:32 - 2017-11-30 22:32 - 400855071 ____T C:\Users\kenan\Documents\mvm774D.tmp
2017-11-30 19:07 - 2017-12-20 00:32 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-29 06:24 - 2017-12-05 23:21 - 000097813 _____ C:\Users\kenan\Documents\kkill me.wlmp
2017-11-26 20:52 - 2017-11-26 20:52 - 000000000 ____D C:\found.004
2017-11-26 20:52 - 2017-11-26 20:52 - 000000000 ____D C:\found.003
2017-11-25 21:30 - 2017-11-25 21:32 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-25 21:29 - 2017-11-25 21:30 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-25 21:29 - 2017-11-25 21:29 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-25 21:27 - 2017-11-25 21:27 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-25 21:27 - 2017-11-25 21:27 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-25 21:27 - 2017-11-25 21:27 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-25 21:27 - 2017-11-25 21:27 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-25 19:13 - 2017-11-25 19:13 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-25 19:12 - 2017-11-25 19:12 - 000000000 ___HD C:\Users\kenan\MicrosoftEdgeBackups
2017-11-25 19:11 - 2017-11-25 19:11 - 000000020 ___SH C:\Users\kenan\ntuser.ini
2017-11-25 19:11 - 2017-11-25 19:11 - 000000000 ___RD C:\Users\kenan\3D Objects
2017-11-25 19:11 - 2017-11-25 19:11 - 000000000 ____D C:\Users\kenan\AppData\Local\PackageStaging
2017-11-25 18:55 - 2017-11-25 18:55 - 000000000 ____D C:\ProgramData\USOShared
2017-11-25 18:52 - 2017-12-20 23:35 - 001325544 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-25 18:49 - 2017-11-25 18:49 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-25 18:49 - 2017-11-25 18:49 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-11-25 18:49 - 2017-11-25 18:49 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-11-25 18:48 - 2017-12-20 23:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-25 18:48 - 2017-11-29 22:32 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-1003
2017-11-25 18:48 - 2017-11-25 18:49 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-25 18:48 - 2017-11-25 18:49 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-500
2017-11-25 18:48 - 2017-11-25 18:48 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-25 18:48 - 2017-11-25 18:48 - 000002664 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-11-25 18:48 - 2017-11-25 18:48 - 000002558 _____ C:\WINDOWS\System32\Tasks\AMD ThankingURL
2017-11-25 18:48 - 2017-11-25 18:48 - 000002524 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-11-25 18:48 - 2017-11-25 18:48 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-11-25 18:40 - 2017-11-25 18:40 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-25 18:39 - 2017-12-13 18:07 - 000000000 ____D C:\Users\kenan\AppData\Local\Packages
2017-11-25 18:38 - 2017-12-20 18:56 - 000000000 ____D C:\Users\kenan
2017-11-25 18:38 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-25 18:35 - 2017-12-21 06:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-25 18:35 - 2017-12-20 00:39 - 005005464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-24 02:08 - 2017-11-24 02:08 - 000000761 _____ C:\Users\kenan\Downloads\Documents - Shortcut.lnk
2017-11-23 09:55 - 2017-11-23 14:53 - 000086356 _____ C:\Users\kenan\Documents\ranked.wlmp
2017-11-22 02:16 - 2017-11-22 02:21 - 000000000 ____D C:\Users\kenan\AppData\Roaming\HandBrake
2017-11-22 02:16 - 2017-11-22 02:16 - 000000000 ____D C:\Users\kenan\AppData\Roaming\HandBrake Team
2017-11-22 02:15 - 2017-11-25 18:44 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2017-11-22 02:15 - 2017-11-22 02:15 - 000000872 _____ C:\Users\kenan\Desktop\HandBrake.lnk
2017-11-22 02:15 - 2017-11-22 02:15 - 000000000 ____D C:\Program Files\HandBrake
2017-11-22 02:14 - 2017-11-22 02:14 - 010468271 _____ C:\Users\kenan\Downloads\HandBrake-1.0.7-x86_64-Win_GUI.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-20 23:39 - 2017-04-11 11:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-12-20 18:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-20 17:15 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-20 17:12 - 2017-10-02 07:17 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Spotify
2017-12-20 17:12 - 2017-10-02 07:17 - 000000000 ____D C:\Users\kenan\AppData\Local\Spotify
2017-12-20 16:16 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-20 03:49 - 2017-10-02 07:36 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-20 03:48 - 2017-10-02 07:00 - 000000000 ___RD C:\Users\kenan\OneDrive
2017-12-20 01:53 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-20 00:45 - 2017-10-02 07:13 - 000000000 ____D C:\Users\kenan\AppData\Roaming\discord
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-20 00:37 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-19 13:19 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-19 13:19 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-19 06:28 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-18 17:59 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-18 17:57 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-18 17:57 - 2017-04-07 16:15 - 000000000 ____D C:\Program Files\Microsoft Office
2017-12-16 12:24 - 2017-10-02 07:10 - 000000000 ____D C:\Users\kenan\AppData\Local\Google
2017-12-14 20:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SystemApps
2017-12-14 20:09 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
2017-12-13 10:09 - 2017-10-01 17:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 10:08 - 2017-10-10 12:34 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 10:08 - 2017-10-01 17:30 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 17:39 - 2017-10-02 07:13 - 000002240 _____ C:\Users\kenan\Desktop\Discord.lnk
2017-12-11 17:39 - 2017-10-02 07:13 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-11 17:38 - 2017-10-02 07:13 - 000000000 ____D C:\Users\kenan\AppData\Local\Discord
2017-12-06 18:50 - 2017-10-01 19:33 - 000000000 ____D C:\Users\kenan\AppData\Roaming\obs-studio
2017-12-03 17:38 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-03 17:38 - 2017-09-29 08:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 20:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-29 22:32 - 2017-10-02 07:00 - 000002370 _____ C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-26 03:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-25 21:34 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-25 21:32 - 2017-11-14 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-11-25 21:32 - 2017-10-22 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-11-25 21:32 - 2017-10-20 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Win Movie Maker
2017-11-25 21:32 - 2017-10-19 07:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 17
2017-11-25 21:32 - 2017-10-17 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2017-11-25 21:32 - 2017-10-02 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-11-25 21:32 - 2017-10-02 10:15 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-25 21:32 - 2017-10-02 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-25 21:32 - 2017-10-02 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-25 21:32 - 2017-10-01 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-11-25 21:32 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-25 21:32 - 2017-04-11 11:25 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-11-25 21:32 - 2017-04-11 11:24 - 000000000 ____D C:\Program Files\Intel
2017-11-25 21:32 - 2017-04-11 11:20 - 000000000 ____D C:\Program Files\AMD
2017-11-25 21:32 - 2017-04-07 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-11-25 21:32 - 2017-04-03 12:56 - 000000000 ___HD C:\WINDOWS\OEM
2017-11-25 21:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-25 21:30 - 2017-11-14 15:17 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-11-25 21:30 - 2017-10-31 03:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2017-11-25 21:30 - 2017-10-19 07:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-11-25 21:30 - 2017-04-11 11:35 - 000000000 ____D C:\Program Files\Realtek
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-25 21:28 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-25 21:28 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-25 21:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-25 19:27 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-25 19:11 - 2017-11-20 01:57 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-25 19:11 - 2017-10-02 06:57 - 000000000 ____D C:\Users\kenan\AppData\Local\TileDataLayer
2017-11-25 19:11 - 2017-04-03 12:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-25 18:55 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-25 18:50 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-25 18:50 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-25 18:48 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-25 18:44 - 2017-10-31 12:53 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-11-25 18:44 - 2017-10-31 12:51 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-11-25 18:44 - 2017-10-02 10:00 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-25 18:44 - 2017-10-02 07:47 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-25 18:40 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-25 18:38 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\ProgramData\Audyssey Labs
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-12-16 11:34
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by kenan (21-12-2017 06:15:43)
Running from C:\Users\kenan\AppData\Local\Microsoft\Windows\INetCache\IE\C16OIGDH
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-25 23:52:03)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
kenan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\kenan
WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AlphaConsole version 8.0 (HKLM-x32\...\{83CB5404-7E78-4B1F-B0D5-A8D0FCDA9B7D}_is1) (Version: 8.0 - AlphaConsole)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 0.0.299 - Discord Inc.)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Movavi Video Converter 17 (HKLM-x32\...\Movavi Video Converter 17) (Version: 17.3.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8059 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VEGAS Pro 15.0 (HKLM\...\{E0F91FB0-7FC4-11E7-B8E9-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wondershare Video Converter Free(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.0.1.0 - Wondershare Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2012-09-21] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {281C13EE-2F71-45B6-8FBB-15112ED57A4E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {31D34E13-37BE-4989-AD75-7A7C36F2C899} - System32\Tasks\AMD ThankingURL => "" [Argument = -LAUNCHTHQURL]
Task: {3A9D7F47-4F2B-47F4-BFF0-262DCB74BEF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {4A98B3F7-F03E-481C-886B-CF52A7B399BA} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
Task: {4FE111FC-CD4E-4909-8453-440C3C6B7F39} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-18] (Microsoft Corporation)
Task: {72883E6B-1D0E-4491-B030-6BE6D329BA74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02] (Google Inc.)
Task: {820D48C2-C720-4CCA-A9CC-59C617BBBBB3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {B0FCFA0C-5A4A-494A-BB37-2E2691F1A18B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation)
Task: {B94AFC42-2992-4D12-92DE-C2583EC78071} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02] (Google Inc.)
Task: {C2DCFBEB-195B-43A7-99E5-64373139D141} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
Task: {E8023043-6004-4263-99AB-8FB4E4B6DD5F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-20 04:45 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-19 07:23 - 2012-09-21 09:25 - 000727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2017-12-11 17:57 - 2017-12-11 17:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-11 17:57 - 2017-12-11 17:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-20 05:11 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-20 05:11 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-20 05:11 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-20 05:11 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kenan\Downloads\black-screen.png
DNS Servers: 162.150.8.37 - 162.150.21.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CB4A2747-F454-43E7-9544-A47BCFA02A72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{FB4C9336-A531-488D-AEAE-688A627328EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{C909428C-F32E-4AE7-A7B0-FF3255401339}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{791BE967-2866-4426-ABAA-D97681664E1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{33A31565-4E74-4BC8-A57B-44DB916A297A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4826F9E9-E74A-421D-AC1D-A61418471D4A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9AD7CE11-1CB5-4600-B5C0-474E9CDFC274}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{6991F297-DC87-4E87-98C8-6124C1779FE4}C:\users\kenan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8706F898-0D2D-40C0-9243-4F1C1FD0A488}C:\users\kenan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{801B73F2-2B60-4091-9591-015336AD0ED3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2F1D190C-643F-41EF-94AF-D67823FDA069}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F529904A-52FC-4FF4-8E0E-754796A0A511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{58977BB7-850F-4B28-A333-DFF6A27119BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
17-12-2017 17:04:50 Windows Update
18-12-2017 19:17:09 Windows Modules Installer
==================== Faulty Device Manager Devices =============
Name: Intel(R) Dual Band Wireless-AC 3165
Description: Intel(R) Dual Band Wireless-AC 3165
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/20/2017 11:23:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
Exception code: 0x80270233
Fault offset: 0x00000000001c4095
Faulting process id: 0x10c0
Faulting application start time: 0x01d37a137b3d6806
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: 990105a1-c490-41e2-85db-39068b3488aa
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 11:23:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
Exception code: 0x80270234
Fault offset: 0x000000000000d549
Faulting process id: 0x1520
Faulting application start time: 0x01d37a13694fdddf
Faulting application path: c:\windows\system32\sihost.exe
Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
Report Id: a8b6bf29-28e6-4286-896e-55af07882bef
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 05:04:02 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).
Error: (12/20/2017 05:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
Exception code: 0x80270233
Fault offset: 0x00000000001c4095
Faulting process id: 0x84c
Faulting application start time: 0x01d379de6e075207
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: f612f9da-ea22-4aeb-8ec8-bad38a30f9f3
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 05:03:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
Exception code: 0x80270234
Fault offset: 0x000000000000d549
Faulting process id: 0x1768
Faulting application start time: 0x01d379de5c2091af
Faulting application path: c:\windows\system32\sihost.exe
Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
Report Id: 44fc6170-113c-4698-a418-6f2b5ee1f6d3
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 03:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFiles.exe, version: 2.6.46.135, time stamp: 0x535a5153
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0x0eedfade
Fault offset: 0x001008b2
Faulting process id: 0xd00
Faulting application start time: 0x01d379d45fda0340
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 69509252-fc0c-4437-9856-87015ed6c00c
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 03:48:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
Exception code: 0x80270233
Fault offset: 0x00000000001c4095
Faulting process id: 0x10a4
Faulting application start time: 0x01d3796f472b995b
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: 4591ca86-c33e-4f41-825c-a88a5ec8956b
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 03:47:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
Exception code: 0x80270234
Fault offset: 0x000000000000d549
Faulting process id: 0x1718
Faulting application start time: 0x01d3796f3541031e
Faulting application path: c:\windows\system32\sihost.exe
Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
Report Id: b3e82118-4104-4ec6-9bb3-3db5bb58edd6
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 01:43:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
Exception code: 0x80270233
Fault offset: 0x00000000001c4095
Faulting process id: 0x16f8
Faulting application start time: 0x01d3795dc6f21247
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: e688338e-db31-46b9-97af-92155ccf5170
Faulting package full name:
Faulting package-relative application ID:
Error: (12/20/2017 01:42:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
Exception code: 0x80270234
Fault offset: 0x000000000000d549
Faulting process id: 0x16cc
Faulting application start time: 0x01d3795db4f47300
Faulting application path: c:\windows\system32\sihost.exe
Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
Report Id: ca5f0f4b-b188-441c-ae08-88023e09a564
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (12/21/2017 06:15:50 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (12/21/2017 06:15:46 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:14:03 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:13:56 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:13:48 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:13:28 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:12:17 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:12:06 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:11:39 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/21/2017 06:11:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
CodeIntegrity:
===================================
Date: 2017-11-28 14:32:04.440
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.415
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.348
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.319
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.262
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.247
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-28 14:32:04.198
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Ryzen 5 1400 Quad-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 8147.62 MB
Available physical RAM: 6368.01 MB
Total Virtual: 13779.62 MB
Available Virtual: 12184.53 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:784.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
Partition: GPT.
==================== End of Addition.txt ============================
Not really seeing much that would point to malware unless you have run tools and it was deleted before you posted here.
Let's attempt to run a couple of tools and see if anything shows up.
http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
https://i.imgur.com/V7SD4El.png
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
http://i.imgur.com/RQKuhw1.pngRogueKiller
Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply
created by Aura
Your next reply(ies) should therefore contain:
Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log
kenanmp7
2017-12-22, 02:26
# AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 21 23:20:48 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
** [ Services ] **
No malicious services deleted.
** [ Folders ] **
No malicious folders deleted.
** [ Files ] **
No malicious files deleted.
** [ DLL ] **
No malicious DLLs cleaned.
** [ WMI ] **
No malicious WMI cleaned.
** [ Shortcuts ] **
No malicious shortcuts cleaned.
** [ Tasks ] **
No malicious tasks deleted.
** [ Registry ] **
No malicious registry entries deleted.
** [ Firefox (and derivatives) ] **
No malicious Firefox entries deleted.
** [ Chromium (and derivatives) ] **
No malicious Chromium entries deleted.
**
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
**
C:/AdwCleaner/AdwCleaner[S0].txt - [945 B] - [2017/12/21 22:51:34]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Safe mode with network support
User : kenan [Administrator]
Started from : C:\Users\kenan\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 12/21/2017 19:00:00 (Duration : 00:19:12)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\internet explorer\iexplore.exe -restart /WERRESTART [x][x] -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\internet explorer\iexplore.exe -restart /WERRESTART [x][x] -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 162.150.8.37 162.150.21.37 ([-][United States]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9c020dea-8882-4312-ae78-a59e16a24d73} | DhcpNameServer : 162.150.8.37 162.150.21.37 ([-][United States]) -> Replaced ()
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75WN4A0 +++++
--- User ---
[MBR] cb165e8ed9b39ad97831c42a41f1da89
[BSP] c17b8ea3482583ac4541527a940e30f5 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 239616 | Size: 500 MB
3 - Basic data partition | Offset (sectors): 1263616 | Size: 953252 MB
User = LL1 ... OK
User = LL2 ... OK
kenanmp7
2017-12-22, 02:47
So I'm pretty sure it removed those 8 registry keys or something but I still can't open anything, not sure if I just need to restart my pc or anything,
kenanmp7
2017-12-22, 03:11
So I'm pretty sure it removed those 8 registry keys or something but I still can't open anything, not sure if I just need to restart my pc or anything,
I have no idea what I'm talking about
Yes you can go on and reboot.
What kind of error message do you get when you try to open a program?
~~
http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;
created by Aura
kenanmp7
2017-12-22, 05:22
Different errors that I get are:
Class not registered error
There are no endpoints available from the endpoint mapper
This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.
Then there are other programs or things in task bar like like Chrome, the windows logo button, the search bar, etc.. That are just complete unresponsive to my clicks, no errors but nothing happens when I click on them.
Another error I get when I boot up even in safe mode is
sihost.exe - System Warning
Unknown Hard Error
And if I close it or select OK on the error my screen goes black and the only thing I can see is my mouse, I can't do anything else besides move my mouse. So I've just been leaving the error in the corner of my screen and not touching it.
Okay as for the quarantined items I didn't get any message saying to reboot or even delete the items for that matter, they are just sitting in the Quarantine section after doing the exact instructions, I'm not sure whether to click delete or not but it didn't say so in your instructions so I haven't yet. Here is the log though:
Emsisoft Emergency Kit 2017.11.0.8219 stable [en-us]
OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition)
Quarantine log
Date Source Event Detection
12/21/2017 9:58:36 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D} Moved to quarantine Application.AdReg (A)
12/21/2017 9:58:35 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Moved to quarantine Application.AdReg (A)
12/21/2017 9:58:35 PM Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> BROWSERPLUGINHELPER Moved to quarantine Application.AdStart (A)
12/21/2017 9:58:35 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF} Moved to quarantine Application.BHO (A)
12/21/2017 9:58:35 PM C:\Program Files (x86)\AlphaConsole\AlphaConsoleUpdater.exe Moved to quarantine Trojan.Generic.22756039 (B)
12/21/2017 9:58:35 PM C:\Program Files (x86)\AlphaConsole\AlphaConsole.exe Moved to quarantine Gen:Variant.Johnnie.56305 (B)
Okay as for the quarantined items I didn't get any message saying to reboot or even delete the items for that matter, they are just sitting in the Quarantine section after doing the exact instructions, I'm not sure whether to click delete or not but it didn't say so in your instructions so I haven't yet.
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
You can reboot, as long as their in quarantine your safe.
Those errors
sihost.exe - System Warning
Unknown Hard Error
I went on the net to look those up, good grief, you wont believe the amount of people with this and from what I could tell it's related Microsoft.
And, if I read it right, it's only windows 10.
What most were telling people to do is sfc /scannow
But, not seeing how it's helping.
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system
Here's an example
https://answers.microsoft.com/en-us/windows/forum/windows_10-performance-winpc/sihostexe-system-warning-unknown-hard-error/5f910728-a78b-45fc-a3f9-57e6c2423fbd
What I can do from here is direct you to a tech forum (I'm a member there too) with these type of errors I can't with this....I don't have the knowledge.
Register, create a new topic and someone should be with you soon.
https://forums.whatthetech.com/index.php?showforum=119
I think we should remove tools and quarantine folders.
DelFix
Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
*********
kenanmp7
2017-12-22, 16:30
You didn't really answer my question on whether or not I can delete those items that are in the quarantined section. The HKLM registry keys or whatever. They've popped up in almost all the program scans so I don't know what they are or whether to just delete them all or not.
Also from what you're saying, you don't think it's a malware or rootkit? The main reason why believe it is, is because when I was first trying to download and install any type of malware tool to get rid of it, it was blocking all installations. Even when I went to download Rkill, it didn't let me download it until I downloaded the file that used a different name to hide itself from detection of the possible malware.
I would just like to get your opinion on these things before I go and do what you said.
You didn't really answer my question on whether or not I can delete those items that are in the quarantined section. The HKLM registry keys or whatever. They've popped up in almost all the program scans so I don't know what they are or whether to just delete them all or not.
Also from what you're saying, you don't think it's a malware or rootkit? The main reason why believe it is, is because when I was first trying to download and install any type of malware tool to get rid of it, it was blocking all installations. Even when I went to download Rkill, it didn't let me download it until I downloaded the file that used a different name to hide itself from detection of the possible malware.
I would just like to get your opinion on these things before I go and do what you said.
Yes, you can delete those items found by the scans.
Here is some of your problem
Error: (12/20/2017 05:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
Exception code: 0x80270233
Fault offset: 0x00000000001c4095
Faulting process id: 0x84c
Faulting application start time: 0x01d379de6e075207
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: f612f9da-ea22-4aeb-8ec8-bad38a30f9f3
Faulting package full name:
Faulting package-relative application ID:
There is a bug in Windows 10 that shows for some users where they can’t change their system’s default programs in the Settings app. All their defaults have been reset to show “TWINUI”. This simply means that they have no default programs set, usually because of System Registry corruption, The problem can be resolved by restoring the registry from a backup before the corruption occurred.
Please read over this article referring to other windows 10 users. There are 2 pages try to read all the way through.
https://www.tenforums.com/software-apps/64420-what-twinui.html
~~~~~~~~~~~~~~~~~~~~~~~
One of my first comments were
Not really seeing much that would point to malware unless you have run tools and it was deleted before you posted here.
As for malware and rootkits, from what we've done so far theres no evidence.
Let's do this
Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.
kenanmp7
2017-12-23, 02:19
I read the pages but it seems like they're talking about an issue with the browser/links and what not. I don't think that is my PC's issue.
Also I downloaded MBAR and it installed fine, did the scan, but once it finished and went to the cleanup page it said:
Congratulations, no cleanup is required!
Scan Finished: No malware found!
So I think I'm going to try what you said to do in your other reply because after all these different tools no malware has been discovered apparently. This is quite frustrating haha.
Many days go by when working on computers that they are frustrating.
Let me know how you make out.
Can you give me an update?
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.